Hacker News
by user5994461 2182 days ago
>>> I personally know at least 5 exploitable vulnerabilities in some government websites, but I won't be disclosing them, since that will land me in a lot of trouble.

I can tell you from experience, the only way to reliably get a vulnerability fixed is to publish on Twitter.

Of course, if you've got vulnerabilities in government sites and power plants, you may prefer to not disclose to Twitter to avoid harm to the public. Sitting on vulnerabilities in the absence of an alternative is a perfectly ethical and reasonable choice.