Back in the day I used Corelan tutorials to learn. I developed quite a few 0days. The vast majority of vendors didn't ever respond. Those who did respond? They never responded asking for more info or saying thanks. The 2 to ever respond just threatened to sue.
I am opposed to responsible disclosure. Sorry, can't risk being sued.
Now they don't get disclosed (growing collection of 0days that never seem to ever get fixed) or anonymous full disclosure on GitHub.
Over the years there have been so many well-meaning projects like this one. They all collapsed, then another hacker comes along and starts a new one because they see no equivalent.
Except for the fact that IMO disclosure is important, even if sometimes it can be painful, it's still the best way to get vulnerabilities fixed and make the Internet a little bit safer.
Next time you find a 0day, try OpenCIRT. We can't guarantee anything but we are putting lots of effort into designing strong procedures for effective disclosure.
I am opposed to responsible disclosure. Sorry, can't risk being sued.
Now they don't get disclosed (growing collection of 0days that never seem to ever get fixed) or anonymous full disclosure on GitHub.
Over the years there have been so many well-meaning projects like this one. They all collapsed, then another hacker comes along and starts a new one because they see no equivalent.
https://opencirt.com/knowledgebase/how-does-opencirt-protect...
I applaud these efforts each time but they become a lightning rod.
I have considered though. Could you build a WikiLeaks equivalent?
Oh right, here's the latest on Assange: https://www.bbc.com/news/uk-60743322