
> The fact that 'contact Onity, then disclose publicly after a reasonable period of time' is nowhere on his list just blows my mind.

That's the very first thing on the list. Quote: "The standard 'Responsible Disclosure' approach would be to notify Onity and give them X months to deal with the issue before taking it public."
