« Upvoted: Three awesome old ladies | Home | Upvoted: So you guys liked my lion...I'd like to show you the 25 years it took to get there »

February 15, 2013

Upvoted: How long to give a provider after pointing out a vulnerability?

I identified a security flaw in a large email vendor that allows the communications between two separate entities to be intercepted without either of them knowing.

I tested and informed them of how to replicate the behaviour (it's trivial, requiring no software or any kind of special account). Initially they seemed to be on the ball but the latest responses seem to be nothing more than fobbing me off.

How long is "ethical" to leave it before you call them out publicly and publish your findings?

submitted by bigolslabomeat to sysadmin
[link] [3 comments]

via reddit: the front page of the internet