[OWASP-Bangalore] Why full/public disclosure of WebAppSec hack/vulnerability !

Raxit Sheth raxitsheth2000 at gmail.com
Thu Jun 25 12:07:13 EDT 2009


Hi Guys



On this sunday(21st jun 2k9), found few critical personal data open on
Outlook Money website  which i twitted After it has been fixed etc.. [i.e.
first it is fixed and then i twitted !!! just to avoid any confusion.]

Now i just wanted to know why to put disclosure or bring this to public
(After it has been fixed !) ?  [if they are not fixing and to force them to
fix, doing public disclsure is fine ...But once they have done the fix...
Should one ?]


Open for thoughts !



-Raxit Sheth
www.m4mum.com
www.twitter.com/raxit
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-bangalore/attachments/20090625/1e01c402/attachment.html 


More information about the OWASP-Bangalore mailing list