As a dev or as an outsider?
Good question. As a dev?
Immediately report to PM
Alice113727d: Depends on the country. If it's, for example, Germany, no one will care, no one will fix it and no one will enforce it.
Make a PowerPoint presentation about the dangers, potential money loss and your solution. Then schedule a meeting with the CTO, Compliance and the GDPR Officer.
PowerPoint presentation? Instead, said dev can just use the flaw and let management learn from the mistake. 😂
Pickman4357d: Report it to the company.
If you're external: tell them that you will report it to the authorities in two months. Do not answer any of their non-technical queries.
If you're internal: once it's clear that they will not fix it report it to the authorities anonymously without telling them. Your obligations to the laws and the users that are put in danger (usually) outrank your obligations to the company.
Root480907d: Report it anonymously so you're not accused of "hacking." Humans are fearful and disgustingly stupid creatures, and often think that effects are causes. They may very well blame you for the existence of the flaw simply because you found it, and will absolutely blame you for any new damage caused by said flaw.
Doesn't matter if it doesn't make sense.
Keep yourself safe.
I assume I'm an outsider.
1. Check if there are bounty programmes by the given company. Always nice to have.
2. Report to the company.
3. After a month of no fix, report it anywhere it needs to go to make it hot for them.
4. If there are valid reasons to apply for a CVE, do it.
5. After the next few months, if there is no fix, anonymously publish that there is an exploit, without any detail of how, etc.
6. Wait a month or so; if no dice, publish the exploit with a script or something. At that point it's clear that the company doesn't give a single piece of broken fuck about customers anyway. But appearance hurts.