Please help me handle a security vulnerability
On December 21, 2022 I required use of the service in question and once again found a security problem. The same problem.
On December 21, 2022 I noted several pieces of evidence which indicate active exploitation of the vulnerability.
On December 21, 2022 I contacted: CBC, The business, NDP, and the OPC. To date, none of them have contacted me except for automated responses. I get that it's Christmas but over a week just to hear anything from any human from any of those organizations? Nothing.
At the most severe, the security vulnerability threatens life and limb. It impacts approximately 2,000,000 people directly and I would estimate the total impact in the 10s or 100s of millions of people. It impacts people globally.
It's causing me too much stress. If you are in a verifiable position of power in Canada, please indicate how I can get in touch with you.
Otherwise, please, any advice you have on how I can get rid of this curse without harming anyone is greatly appreciated.
9 comments
[ 14.4 ms ] story [ 337 ms ] threadUnfortunately many people do this, thinking that a potential bad outcome of a business process is a "vulnerability" - perhaps they are using vulnerability in the non-technical sense, as in "we're vulnerable to supply chain disruptions".
Ask to remain anonymous, and do your best efforts to reach out without disclosing personal information.
Set a time limit to 6 months (which usually is the deadline). After it, blog about it and spread the news.
[1] https://www.cve.org/ResourcesSupport/ReportRequest