mswtk | 4 years ago

That honestly sounds like a failure to communicate with the researcher first and foremost. If it's difficult to prioritize the fix internally due to organizational politics, that's one thing, but that shouldn't stop the bounty team from communicating the status to the researcher. In fact, that should be the simplest part of the whole process, as it's completely within the purview of the bug bounty team. If they handle that right and build some trust, they might be able to successfully ask the researcher for an extension on disclosure.

Case in point, Apple likely could have come out of this looking much better if they didn't ignore and then actively lie to illusionofchaos. That really isn't a very high bar to clear.