Hacker News new | past | comments | ask | show | jobs | submit login

One of the advantages of this is that it gets you feedback, I've reported security flaws to a number of companies before (including Google) and one of the most frustrating things I've found is if the report just goes into a blackhole and you hear nothing back. Even if they fix it quietly, it's nice if a company gets back to you even just with a thank-you note.



I've found that if you are going to report a security flaw to a large company that doesn't have a security team that monitors security@ your best bet for a response is to find the email of an employee, the higher up the better, and email them directly. Rather than emailing a support@ address.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: