[OWASP-Bangalore] Why full/public disclosure of WebAppSec hack/vulnerability !
Vikas Jain
v_jn at yahoo.co.in
Fri Jun 26 01:35:00 EDT 2009
Hello Raxit,
I just want to recollect what I understood from your email.
"Some vulnerability in the Outlook Money website has been reported and fixed. But even after the fix, you are still able to exploit the vulnerability."
In this case, I would suggest going for public disclosure. Please correct me if I misunderstood something.
Regards,
Vikas
________________________________
From: Raxit Sheth <raxitsheth2000 at gmail.com>
To: owasp-mumbai at lists.owasp.org; owasp-bangalore at lists.owasp.org; BarCampMumbai2 <barcampmumbai2 at googlegroups.com>; BarcampAhmedabad <barcampahmedabad at googlegroups.com>; barcampdelhi at googlegroups.com; bangalore_barcamp at yahoogroups.com; null null <giimale at gmail.com>
Sent: Thursday, 25 June, 2009 9:37:13 PM
Subject: [OWASP-Bangalore] Why full/public disclosure of WebAppSec hack/vulnerability !
Hi Guys
On this Sunday (21st Jun 2k9), I found a few critical pieces of personal data open on the Outlook Money website, which I tweeted after it had been fixed etc. [i.e. first it was fixed and then I tweeted! Just to avoid any confusion.]
Now I just wanted to know why to put out a disclosure or bring this to the public (after it has been fixed!)? [If they are not fixing it, and to force them to fix it, doing public disclosure is fine... But once they have done the fix... should one?]
Open for thoughts !
-Raxit Sheth
www.m4mum.com
www.twitter.com/raxit