> The fact that 'contact Onity, then disclose publicly after a reasonable period of time' is nowhere on his list just blows my mind.
That's the very first thing on the list. Quote: "The standard 'Responsible Disclosure' approach would be to notify Onity and give them X months to deal with the issue before taking it public."
That's the very first thing on the list. Quote: "The standard 'Responsible Disclosure' approach would be to notify Onity and give them X months to deal with the issue before taking it public."
reply