As a dev or as an outsider?
srshah19106362d
Good question. As a dev?
Immediately report to PM
heyheni1826862d
Make a PowerPoint presentation about the dangers, potential money loss and your solution. Then schedule a meeting with the CTO and Compliance and the GDPR Officer.
srshah19106362d
PowerPoint presentation? Instead, said dev can just use the flaw and let management learn from the mistake. 😂
Pickman55962d
Report it to the company.
If you're external: tell them that you will report it to the authorities in two months. Do not answer any of their non-technical queries.
If you're internal: once it's clear that they will not fix it, report it to the authorities anonymously without telling them. Your obligations to the laws and the users that are put in danger (usually) outrank your obligations to the company.
Root5129761d
Report it anonymously so you're not accused of "hacking." Humans are fearful and disgustingly stupid creatures, and often think that effects are causes. They may very well blame you for the existence of the flaw simply because you found it, and will absolutely blame you for any new damage caused by said flaw.
Doesn't matter if it doesn't make sense.
Keep yourself safe.
DubbaThony85161d
I assume I'm an outsider.
1. Check if there are bounty programmes by the given company. Always nice to have.
2. Report to company.
3. After a month of no fix, report it anywhere where it needs to go to make it hot for them.
4. If there are valid reasons to apply for a CVE, do it.
5. After the next few months, if no fix, anonymously publish that there is an exploit, without any detail how etc.
6. Wait a month or so; if no dice, publish the exploit with a script or something. At that point it's clear that the company doesn't give a single piece of broken fuck about customers anyway. But appearance hurts.