Responsible disclosure

Published: Sunday, 19 April 2015

that devs give us details when they update a security issue. As you will see in our listings, we will only say things like "slideshow, xss, 1.8". A little note like that can save people from having unpatched versions on their systems before they see a disclosure, after which they may take some time to update, giving hackers a chance to exploit the issue. It also saves any confusion about what is and what isn't a current VEL item.

That's why we ask people for their alerts as soon as possible, so people know to update, but we don't give hackers the tools to exploit the issue. We don't link to PoC pages or anything like that. Some devs also think that hiding the security update in their change log, or saying it is only a small vulnerability, or saying after a page of product glorification that they have patched the script, is responsible disclosure.

We look forward to hopefully having your alert resolutions as soon as you are aware of them.

Read more https://vel.joomla.org/articles/1679-responsible-dislosure
