Nothing new under the sun... I have done some security testing on _open source_ webapps, and most of the time, if you alert the publisher to your findings (most of the time remote code executions, not "boring" XSS), the answer is typically "F*** off, we do not need your help / you are lying / you are a criminal / etc. etc.", showing that bug finding is still looked on with diffidence by many people;
on the other side, admins are so proud of themselves that they do not want other people to know they have coded something badly. Look at this:
http://forums.pligg.com/questions-comments/23065-pligg-1-1-3-security-vulnerabilities.html#post103328

To close with a semi-serious joke: put all this together and you will know why black market selling of exploits is increasing in size: at least someone will appreciate your work and eventually compensate you for it...

On Wed, Mar 30, 2011 at 9:33 PM, Cal Leeming <c...@foxwhisper.co.uk> wrote:
> Like with most laws, the key point is "intent". If your intention was
> clearly not malicious, then you are safe.

--
BlackHawk - hawkgot...@gmail.com
Sent with Gmail

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/