by quesera 482 days ago
I think your email report was good.

I think your blog post was a bit juvenile. Amusing maybe, but you're a professional and there's no need to resort to name-calling. Let the toddler's behaviour speak for itself. You don't need to laugh at them in public. It's fun though, I get it. Just gratuitous.

My recommendation to you, to turn your email report from "good" to "great", would be something like this:

------------

> Hi, I'm an independent security researcher and I publish my findings under the name "Yyyy". My primary website is yyyy.com and I've had reports published in Blah, Blah, and Blah. A quick web search will tell you more about me and my background.

> I'm writing to report an issue I noticed in toddlerceo.com. Specifically:

> (your good and complete list of specifics here, including exposure risk and high-level mitigation notes if practical).

> My intent is to improve the security of the Internet, and to write about the kinds of issues I've discovered. The issue I've described here will make for an interesting and valuable article, but I don't want to publish until you've had a chance to fix the issue, so my standard procedure is to delay publication for 30 days. I'll work on the article now, and schedule it for publication on March 24th, 2025.

> Please let me know if you need any more details on the issue I've found.

----------

This may be more than they deserve! But that's OK, because you're a professional and if you are lucky enough to get a professional on the other side of the conversation, you will earn their respect, at no cost to you.

And let's be honest: your motivation for writing this article is self-promotional. You want work. Impress the CEO/security officer/etc, and you will get work, or referrals for work. So it may be more than they deserve, but it works in your interests too.