HackerOne Releases Best Practices for Vulns Disclosures
Infosecurity Magazine | September 22, 2015
There is much controversy around bug-hunting, as Oracle’s chief security officer recently demonstrated when she announced that she was writing cease-and-desist letters to third-party white-hats poking around in the software giant’s code. And she’s not alone: Historically, security researchers who found vulnerabilities either couldn’t find a way to report a security issue to a company or, if they did report issues, were often threatened with legal action.