I realized that I (somewhat subconsciously) changed my vulnerability communication. I think that I’ll keep it this way.

Most companies don’t bother keeping me in the loop, saying “thank you” or even merely confirming that they received the report.

· · Web · 1 · 0 · 2

So if some details get lost in the communication, or if they forget about the deadline – I don’t bother either. It’s not my job to remind them about fixing the vulnerability or pointing out remaining issues. I’ll just publish the details when the deadline arrives.

Sign in to participate in the conversation
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.