|
|
|
|
|
|
by uaas
694 days ago
|
|
|
Usually security researchers are required to reach out to the target before escalating further into the systems, asking for permissions to proceed. This is also something bug bounty programs require as per their rules for their targets in scope. I’d expect this to be the case here as well, given the researcher is employed by a security company. Researchers also usually mention which points they asked for additional permissions at in writeups, but now always. |
|
|