List,
I would like to hear your experiences reporting web application
vulnerabilities to "random" websites. By "random" I mean websites that
aren't a client/friend/relative/etc of yours.
In my experience, it has always worked out fine, as I send the
email explaining that I don't want nothing in return, and if they need
any other help understanding the vulnerability they can call me on my
phone (this gives an idea of me being somebody serious ;) . But my
experience is limited to small companies, Universities, and other
websites here in Argentina.
What's your experience in this subject? It's story telling time! =)
Cheers,
--
Andrés Riancho
Founder, Bonsai - Information Security
http://www.bonsai-sec.com/
http://w3af.sf.net/
------------------------------------------------------------------------------
Crystal Reports - New Free Runtime and 30 Day Trial
Check out the new simplified licensing option that enables unlimited
royalty-free distribution of the report engine for externally facing
server and web deployment.
http://p.sf.net/sfu/businessobjects
_______________________________________________
W3af-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/w3af-users
