1 comment

[ 2.8 ms ] story [ 14.1 ms ] thread
Besides the specific vulnerability/exploit, it still perplexes me how there wasn't a "official" address/contact and the Author had to make several attempts to report the issue (and had even to go through Twitter!).

I believe this is a generic problem with lots of organizations/companies, contacting them about possible security vulnerability is made complex or impossible while there should be a simple straightforward way.

I wouldn't be surprised if a number of vulnerabilities (besides bugs) go unreported because the user that finds them is not persistent enough in communicating abou them.