Re: [Full-disclosure] Fw: Earth to Facebook
- From: upsploit advisories <upsploitadvisories@xxxxxxxxxxxx>
- Date: Sun, 18 Mar 2012 21:27:16 +0000
We don't just send the initial advisory... I guess I need to make the
website slightly more informative!
After the initial contact we have (currently) a 6 month disclosure policy.
We send an email every month, in the final month once a week and in the
final week once a day. This email is automatically generated and includes
information about how long is left, how many emails we have sent etc.
Please note that the 6 months is being changed to 1 month without contact 3
month fix (case by case) in the near future.
On 18 March 2012 21:24, Thor (Hammer of God) <thor@xxxxxxxxxxxxxxx> wrote:
Why not just provide them with the contact and they can forward it on
directly? Then you could obviate the entire trust issue…
*From:* full-disclosure-bounces@xxxxxxxxxxxxxxxxx [mailto:
full-disclosure-bounces@xxxxxxxxxxxxxxxxx] *On Behalf Of *upsploit
*Sent:* Sunday, March 18, 2012 1:56 PM
*To:* Michal Zalewski
*Subject:* Re: [Full-disclosure] Fw: Earth to Facebook
The only other people that see the vulnerability are the select few in
However if the vendor is already in the upSploit database the advisory
gets submitted straight away to the vendor.
If you want to try it out there should be an upSploit vendor in the vendor
list. Submit some advisories there.
There is no ploy - like anything it is about trust. I created the service
because when I first started I found it hard to find contacts sometimes.
Use it if you want, don't if you don't. Simple as that really!
Use it once for something you may not care about too much and see how it
works for you.
On 18 March 2012 20:22, Michal Zalewski <lcamtuf@xxxxxxxxxxx> wrote:
Without meaning to advertise, that is one of the reasons upSploit was
created - so that you could submit a vulnerability and then upSploit
automatically sends to the vendor. This way you and your friend don't have
to do any of the work on the disclosure.
I clicked around and don't see any obvious explanation; other than the
reporter and the vendor, who else gets to see the submissions and
under what circumstances?
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/