Internet Robocop. Former “Voice of the Researcher” at Amazon Web Services. Views/opinions are my own.
Feb 3, 2022 • 11 tweets • 2 min read
You asked, so I'll deliver. This is what I know about responsible disclosure/#CVD/how to report security issues in other people’s software. Call it "10 Commandments of Durson" if you want. 🧵
1. Be verbose - more info is better. Don't assume that anyone will know what you're reporting from context. Include as many details and as much background as possible in your report.