Hey folks:

I have a dilemma that I would like to run by you all. Assuming you are an employee of a company, and the company has a SaaS platform on the web. Assuming you've read the source code, and have determined that there are bugs and vulnerabilities which are leaking users' data. This is also reproducible by anyone using the platform with your typical browser inspection tools and curl. (Think lack of authorization checks, guessable incremental IDs...)

You've reported this to the upper management, however, their action and stance is "no business value to fix it".

Let's assume that you are no longer with the company. What's the responsible and ethical thing to do here?

Follow the standard from https://cheatsheetseries.owasp.org/cheatsheets/Vulnerability_Disclosure_Cheat_Sheet.html and report the vulnerability to the organization?

Or not do anything?

submitted by /u/Easy-Translator-9012