Informing Companies about security vulnerabilities...


This has wandered far enough and has devolved into legal issues (and flames I've had to bounce) and other tangents outside of the charter of the pen-test list. Unless subsequent replies address the initial question of notification procedures you've seen work in the past the message will be deleted and not forwarded to the list.

Please let me know if you have any questions or concerns.

Erin Carroll
Moderator - SecurityFocus pen-test list

This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.