top | item 46140226

(no title)

It's so great that they allowed him to publish a technical blog post. I once discovered a big vulnerability in a listed consumer tech company -- exposing users' private messages and also allowing to impersonate any user. The company didn't allow me to write a public blogpost.

discuss

qmr|2 months ago

"Allow"?

Go on write your blog post. Don't let your dreams be dreams.

bigmadshoe|2 months ago

Presumably they were paid for finding the bug and inn accepting relinquished their right to blog about it.

gessha|2 months ago

Why is the control of publication in their hands and not in yours? Shouldn’t you be able to do whatever after disclosing it responsibly?

CER10TY|2 months ago

Presumably they'll threaten to sue you and/or file a criminal complaint, which can be pretty hard to deal with depending on the jurisdiction. At that point you'll probably start asking yourself if it's worth publishing a blog post for some internet points.

trollbridge|2 months ago

Yet another reason these disclosures should be anonymous (from the reporting side).