Hacker News
by akerl_ 925 days ago
Is encrypted email commonly used for reporting security vulnerabilities? It seems like increasingly, more reports occur via bug bounty programs, or are disclosed publicly by the researchers, or are just sent as plaintext emails to security@ or whatever is publicly listed. When I've found security vulnerabilities in somebody's code, I can't think of a time I ever thought about GPG-signing my notice to them.
1 comments

>When I've found security vulnerabilities in somebody's code, I can't think of a time I ever thought about GPG-signing my notice to them.

It's not authenticity that matters here, it's confidentiality.

Basically nobody cares. Vulnerability researchers don't use GPG either.