by JayeLTee
476 days ago
Agreed that the wording to fully understand my intent might not be present on the email and is only achieved when you look at the whole email and what information I provide, etc. I've been trying different things to see what works, as unfortunately I get ignored totally, A LOT. That is also the reason there is no direct link to my publications on the actual emails: another link to add suspicion of phishing that leads to being ignored.
I do provide a link to my index with all my public finds on the signature of the email though. Also, a Google search of my handle, which I sign and mention on the email, would get multiple hits for reputable news websites such as Databreaches.net, TechCrunch, The Register, Publimetro, but it doesn't seem companies do much vetting at all before ignoring the alerts.
|
I think your blog post was a bit juvenile. Amusing maybe, but you're a professional and there's no need to resort to name-calling. Let the toddler's behaviour speak for itself. You don't need to laugh at them in public. It's fun though, I get it. Just gratuitous.
My recommendation to you, to turn your email report from "good" to "great", would be something like this:
------------
> Hi, I'm an independent security researcher and I publish my findings under the name "Yyyy". My primary website is yyyy.com and I've had reports published in Blah, Blah, and Blah. A quick web search will tell you more about me and my background.
> I'm writing to report an issue I noticed in toddlerceo.com. Specifically:
> (your good and complete list of specifics here, including exposure risk and high level mitigation notes if practical).
> My intent is to improve the security of the Internet, and to write about the kinds of issues I've discovered. The issue I've described here will make for an interesting and valuable article, but I don't want to publish until you've had a chance to fix the issue, so my standard procedure is to delay publication for 30 days. I'll work on the article now, and schedule it for publication on March 24th, 2025.
> Please let me know if you need any more details on the issue I've found.
----------
This may be more than they deserve! But that's OK, because you're a professional and if you are lucky enough to get a professional on the other side of the conversation, you will earn their respect, at no cost to you.
And let's be honest: your motivation for writing this article is self-promotional. You want work. Impress the CEO/security officer/etc, and you will get work, or referrals for work. So it may be more than they deserve, but it works in your interests too.