That is a good question. What I think you should do is contact the company in question, ask to talk to their "IT" manager, describe the security problems, and ask for their email address and their web developer's email address to send the security hole to.
In the email address describe the security breach and how you found it. If the bug is in an open source web app, post it to the app's Bugzilla list to resolve it. ;-)

hi guys,

if someone finds a security hole in a web application and wants to notify the admin of the page, what do you suggest are the next steps to be taken to ensure that the admin takes the report seriously? i mean, just sending the report without description about further steps (publication after some time, ...) is not really helpful. most of the reports will be ignored or simply "forgotten".

does someone have a link to a page or can give me some suggestions?

cya,
gottfried

--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
