top | item 39188269

_kbh_ | 2 years ago

> Indeed, especially when Googling "Mercedes report security issue" the page literally populates the results with the address to email so it wasn't like it's hard to find.

Reporting via a third party isn't super unusual if you think that an organisation may be a bit legal threat happy from your report.

waihtis|2 years ago

This may be true if there isn't a vulnerability disclosure program in place but there was, thus your point is completely invalid.

hug|2 years ago

No, his point remains: companies may act in bad faith, and publicly committing to act in good faith is absolutely no evidence they will not.

I don’t mean to be trite, but publishing a bug bounty program doesn’t mean you’re the good guys.