nprofile1qy2hwumn8ghj7un9d3shjtnddaehgu3wwp6kyqpq5tvv6c5rdcj2z03r5sw5dzl36qx2kkpqe47yscckve5a2h0psstsa9skc4 (nprofile…skc4) there’s a whole bunch of “it depends” in here.
Personally, I don’t report vulns on Fridays. I don’t want to ruin some engineers’ weekends.
If you want to be virtuous and sacrifice your own holiday time, you could spend tonight/tomorrow writing a truly excellent #disclosure that anticipates questions and highlights attacker value. Most snap #vulnerability reports are kinda garbage and need a bunch of clarification, which slows down patching and invites disagreements.
We wrote a template that we use. You can use it too if you want.
https://takeonme.org/cves/CVE-20XX-YYYY.html
Tod Beardsley 🤘 /
npub1hm…pl0yl
2024-11-27 23:30:20
in reply to nevent1q…8nrt
Author Public Key
npub1hmgnuqccyragcwepqz4xdt76xufuk4n3a9mps9hl23v9fldkt3cszpl0ylPublished at
2024-11-27 23:30:20Event JSON
{
"id": "a6807124084b30bc01423da4f4349703683704f04500ced943d0bbe98183c886",
"pubkey": "bed13e031820fa8c3b2100aa66afda3713cb5671e9761816ff545854fdb65c71",
"created_at": 1732750220,
"kind": 1,
"tags": [
[
"p",
"a2d8cd62836e24a13e23a41d468bf1d00cab5820cd7c4863166669d55de18417",
"wss://relay.mostr.pub"
],
[
"p",
"04669fddd5a44e78bb86e7752275a8b46190c6ad3e97baaceccd56fe311df27a",
"wss://relay.mostr.pub"
],
[
"e",
"8078f50dcc8142da5c91fe7e5f15e10c0bd6959f3e341295e92f77d9c69d5c9e",
"wss://relay.mostr.pub",
"reply"
],
[
"t",
"disclosure"
],
[
"t",
"vulnerability"
],
[
"proxy",
"https://infosec.exchange/users/todb/statuses/113557518449123254",
"activitypub"
]
],
"content": "nostr:nprofile1qy2hwumn8ghj7un9d3shjtnddaehgu3wwp6kyqpq5tvv6c5rdcj2z03r5sw5dzl36qx2kkpqe47yscckve5a2h0psstsa9skc4 there’s a whole bunch of “it depends” in here.\n\nPersonally, I don’t report vulns on Fridays. I don’t want to ruin some engineers’ weekends.\n\nIf you want to be virtuous and sacrifice your own holiday time, you could spend tonight/tomorrow writing a truly excellent #disclosure that anticipates questions and highlights attacker value. Most snap #vulnerability reports are kinda garbage and need a bunch of clarification, which slows down patching and invites disagreements.\n\nWe wrote a template that we use. You can use it too if you want.\n\nhttps://takeonme.org/cves/CVE-20XX-YYYY.html",
"sig": "7769aa5dbb9f98d21e0d3f053ace490749a43b05f93c12afc60f859b8802476500f26dd26b554eebf6a424a60f1e2d171f2cb3a3faee637eafe71faf3d9e3bcf"
}