Reporting vulnerabilities is for the brave
I was involved in disclosing a vulnerability found by a student to a production web site using custom software (i.e., we didnít have access to the source code or configuration information). As luck would have it, the web site got hacked. I had to talk to a detective in the resulting police investigation. Nothing bad happened to me, but it could have, for two reasons.
At the CERIAS weblog.
[ Read more ]