Hacker News
How Not to Run a Vulnerability Disclosure Program (sneak.berlin)
25 points by mettamage on April 25, 2021 | hide | past | favorite | 9 comments



This feels, frankly, childish. The privacy policy that has him so incensed is just an explanation, in clear English, of how information is stored and processed. All they are saying is "if you send us information, please make sure you're happy with what we'll do with it".


tldr: The author's just annoyed at having to agree to a TOS and enable javascript.


...and create an account, and agree to the TOS (which grants a copyright license), and jump through who knows how many other hoops waiting in the wings. To make a free donation. Of information. Which I wrote in an email already.

Note also that I don't actually have to do any of those things, and I'm about to prove it by not doing so. I've already made a reasonable effort. Now I'm just going to publish the issue in a month.

Not my circus, not my monkeys.


Here's what I was greeted by upon landing on your website:

https://imgur.com/JfIylel


Can you reproduce the issue with javascript disabled?


Assuming charitably that by "issue" you mean seeing your own popup, if it's meant as a slap to users who have Javascript enabled you might consider a more straightforward warning, for example "If you don't like harmless blocking popups, think of all the worse things that Javascript can do against you, from tracking what parts of a porn clip you fast forward through to compiling a database of your movements. Disable Javascript."


It was a joke; I put the modal popup there on purpose. Thousands of people have found it useful, the author of the website among them.

Options for people who don't like it:

1) don't visit my website

2) greylist resources using uBlock Origin

3) disable js

4) complain

All but one of these strategies are effective.


I'm not in the white hat space but from reading this sort of blog post what you're describing is completely normal. Some people think companies should go down on bended knee to vulnerability disclosers, but that just doesn't happen. Based on your title I was expecting something much more significant.


I fail to see a connection between "go down on bended knee" and "read your emails".



