Ask HN: Remote hole and us law
Hi, imagine you find yourself in the position of finding one of the biggest remote hole in the cloud of one of the most popular tech company out there.
You don't want to make money with it - you just want to solve this stuff with the right person but you know that the size of he topic could be overwhelming the employee behind the security email address and you need to find a high executive to really solve this.
Just write a mail to there security email address and pray that they do there job with already knowing that they will take up to >100 days in he past to react on issues?
Who to reach out or find the right person in the company?
Besides that, I'm not 100% familiar with us law but was the risk from law point of view if you report a remote hole?
Best
S
2 comments
[ 3.7 ms ] story [ 13.7 ms ] threadI, personally, would just post the details to full-disclosure, but not everyone agrees with that.