|
|
|
|
|
|
by glogla
5185 days ago
|
|
|
If you contacted them non-anonymously first, you made a mistake, because they can and will sue you if you disclose it. Judges don't understand computers and US courts are all about draining money from someone, so they still might ruin you out of spite even if you disclose it in a way that there's no proof it was you or if someone else who discovered and released it on his own. The correct way would be: 1) discover a vulnerability 2) contact them anonymously 3) if they don't fix it, anonymuosly release it to general public That way, you can still help them while protecting yourself. The third step is optional of course. |
|
|