[OWASP-Bangalore] [Owasp-Mumbai] Why full/public disclosure of WebAppSec hack/vulnerability !

Bishan Singh c70n3r at gmail.com
Tue Jun 30 09:23:12 EDT 2009


Anyone with experience reporting to CERT-IN? They have a special
mention on their website for vulnerability reporting
http://www.cert-in.org.in/vul-reporting.htm

It says you could fill a form and email them.

On Thu, Jun 25, 2009 at 9:37 PM, Raxit Sheth<raxitsheth2000 at gmail.com> wrote:
> Hi Guys
>
>
>
> On this sunday(21st jun 2k9), found few critical personal data open on
> Outlook Money website  which i twitted After it has been fixed etc.. [i.e.
> first it is fixed and then i twitted !!! just to avoid any confusion.]
>
> Now i just wanted to know why to put disclosure or bring this to public
> (After it has been fixed !) ?  [if they are not fixing and to force them to
> fix, doing public disclsure is fine ...But once they have done the fix...
> Should one ?]
>
>
> Open for thoughts !
>
>
>
> -Raxit Sheth
> www.m4mum.com
> www.twitter.com/raxit
>
>
>
> _______________________________________________
> OWASP-Mumbai mailing list
> OWASP-Mumbai at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-mumbai
>
>


More information about the OWASP-Bangalore mailing list