
You have never heard me say IDGAF is an unethical policy. If you've paid attention to me here (I don't know why you would), all you've seen me do is point out how Orwellian and coercive the term "responsible disclosure" is.

For a CSRF that you didn't use someone else's account to exploit and that you've told nobody about, and assuming you have no acquaintances who might screw you over by abusing the bug, 30 days and then Pastebin seems like a decent answer.

If any of your friends are shady, just forget about the bug.



