...
Whatever the issue is in the context of a vulnerability disclosure, lawyers alone are rarely the right answer. Cease-and-desist letters tend to backfire as described in Section 6.8.
Responding with legal threats can have negative public relations effects in the long term for vendors as well:
...
We have outlined a variety of ways in which the CVD process might not go as smoothly as you'd like, whether you are a finder, reporter, vendor, coordinator, or deployer. When problems arise that you're not prepared to handle, or even if you just need a quick opinion on what to do next, there are a number of coordinating organizations available to help. These include the following:
- CERT/CC
- National CSIRTs that handle CVD cases
- JPCERT/CC
- NCSC-FI
- NCSC-NL
- Larger vendors (Google, Microsoft, etc.)
- Bug bounty operators (BugCrowd, HackerOne, etc.)
...