[OWASP-Bangalore] Why full/public disclosure of WebAppSechack/vulnerability !

Syed Mohamed A SyedMA at microland.com
Fri Jun 26 02:53:01 EDT 2009

Send it to security focus ...


Syed Mohamed A

AGM - Security Services,

Microland LTd

(Co-author OWASP Guide, WASC Threat Classification, SANS Top 20) 


From: owasp-bangalore-bounces at lists.owasp.org
[mailto:owasp-bangalore-bounces at lists.owasp.org] On Behalf Of Raxit
Sent: Thursday, June 25, 2009 9:37 PM
To: owasp-mumbai at lists.owasp.org; owasp-bangalore at lists.owasp.org;
BarCampMumbai2; BarcampAhmedabad; barcampdelhi at googlegroups.com;
bangalore_barcamp at yahoogroups.com; null null
Subject: [OWASP-Bangalore] Why full/public disclosure of
WebAppSechack/vulnerability !


Hi Guys

On this sunday(21st jun 2k9), found few critical personal data open on
Outlook Money website  which i twitted After it has been fixed etc..
[i.e. first it is fixed and then i twitted !!! just to avoid any

Now i just wanted to know why to put disclosure or bring this to public
(After it has been fixed !) ?  [if they are not fixing and to force them
to fix, doing public disclsure is fine ...But once they have done the
fix... Should one ?]

Open for thoughts !

-Raxit Sheth

The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. 
Any review, re-transmission, dissemination or other use of or taking of any action in reliance upon,this information by persons or entities other than the intended recipient is prohibited. 
If you received this in error, please contact the sender and delete the material from your computer. 
Microland takes all reasonable steps to ensure that its electronic communications are free from viruses. 
However, given Internet accessibility, the Company cannot accept liability for any virus introduced by this e-mail or any attachment and you are advised to use up-to-date virus checking software. 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-bangalore/attachments/20090626/63f05419/attachment.html 

More information about the OWASP-Bangalore mailing list