From what I can tell, the message is When you discover an exploit, only communicate with source (a...

0x59 • yesterday at 11:34 AM • 2 replies • view on HN

From what I can tell, the message is

When you discover an exploit, only communicate with source (and pray they respond) or get sued. Seems like the position is customers and stakeholders shouldn't be allowed access to this information.

Replies

whstl • yesterday at 1:58 PM

Seems similar to what Microsoft is doing lately:

https://www.cpomagazine.com/cyber-security/microsoft-doubles...

sigmoid10 • yesterday at 11:36 AM

That's actually very common even with respected bug bounty programs. Communicating exploits to anyone else (let alone the general public) will at the very least make you ineligible for rewards.

➕ show 1 reply

alt Hacker News

Replies