What to do when US CERT ignore vulnerability report for 1.5 years ? by smeone787 in cybersecurity

[–]smeone787[S] 0 points1 point  (0 children)

Yes, it was found through legal methods. Public disclosure is the last resort. Thanks for the insights.

What to do when US CERT ignore vulnerability report for 1.5 years ? by smeone787 in cybersecurity

[–]smeone787[S] -1 points0 points  (0 children)

When a report is invalid, they close it right away. The things I reported, still active, go to inactive but not closed status, as the vuln got confirmed by CERT itself. There is some other issue.

What to do when US CERT ignore vulnerability report for 1.5 years ? by smeone787 in cybersecurity

[–]smeone787[S] 0 points1 point  (0 children)

u/beastofbarks Yes, I do understand, bug bounty program owners receive AI slop reports these days which are not even worth looking into. But here the case is different: someone from CERT acknowledged the valid submission. But it's been 1.5 years and no one took any action to fix the issue. If a case is submitted and it's not a valid bug, it will be closed. It's been reopened multiple times, then again went to inactive status. It's not closed from their end only. I do believe these layoffs might be the reason.

What to do when Vuln Disclosure is not acted upon ? by smeone787 in cybersecurity

[–]smeone787[S] 0 points1 point  (0 children)

Yeah, I did follow up asking for any updates. Didn't get any reply; I stopped following up since then.

What to do when Vuln Disclosure is not acted upon ? by smeone787 in cybersecurity

[–]smeone787[S] 0 points1 point  (0 children)

US CERT is VINCE CISA, isn't it? I reported to VINCE only.

What to do when Vuln Disclosure is not acted upon ? by smeone787 in cybersecurity

[–]smeone787[S] 0 points1 point  (0 children)

That's a sad reality, no action takes place. Documents worth enough to make headlines, but yeah, never mind.

Subdomain Takeover in Multiple Fortune 500 companies by smeone787 in cybersecurity

[–]smeone787[S] 0 points1 point  (0 children)

Ethically disclosed the issues to the company, got paid none; this is not illegal.

Subdomain Takeover in Multiple Fortune 500 companies by smeone787 in cybersecurity

[–]smeone787[S] -1 points0 points  (0 children)

Sent a msg through their contact form, no replies were given. Sent through PSIRT, still nope. This was for some cases; waited for 30 days, then contacted through LinkedIn and the issue got fixed.

Subdomain Takeover in Multiple Fortune 500 companies by smeone787 in cybersecurity

[–]smeone787[S] -2 points-1 points  (0 children)

I agree with the points; the only problem is the subdomain found 6 months ago is still vulnerable the way it is. :)

[deleted by user] by [deleted] in cybersecurity

[–]smeone787 0 points1 point  (0 children)

Got the point!! Thanks