by objclxt
5083 days ago
It depends on a number of things. If you've documented your communications with them and have repeatedly tried to get in touch you may feel like disclosing publicly. A year is more than enough time to fix an XSS issue, and nobody would really judge you for going public with it. However, this might depend on where you live. Some countries (like the UK, where I'm typing this from) make testing websites for vulnerabilities illegal, no matter how serious the issue or good the intentions[1]. Very few people are actually caught by these laws, but there is always a risk that you piss off a litigious company, who then go after you.

[1]: http://jeremiahgrossman.blogspot.co.uk/2006/09/is-testing-fo...