|
|
|
|
|
|
by zamnos
1217 days ago
|
|
|
You should yes, but world is full of "shoulds" that aren't followed, often for entirely valid reasons. If the organization doesn't have a public bug bounty program, then I wouldn't report it to them - find an intermediary to whom you can anonymously dump the information to. Even something as trivial "view source" is liable to get you investigated for 'hacking', which is a hassle you just shouldn't have to deal with - here's the story of a journalist in Missouri who had that happen to them. https://www.vice.com/en/article/pkpmj7/this-is-the-hacking-i... |
|
|