Hacker News
durin42 on Dec 20, 2010 | on: XSS vulnerability found in Github
End-users aren't who you need to tell. Just site owners. Posting this to HN before it was fixed constitutes (IMO) completely irresponsible disclosure.
mike-cardwell on Dec 20, 2010
I agree. I would not have disclosed this particular XSS flaw until after it was fixed.
Stuk on Dec 20, 2010
Yes, soon after posting I realised it wasn't the best idea I've ever had. I regret posting this before the Github guys got a chance to fix the hole. Not something I'm going to repeat.
vulf on Dec 21, 2010
You should report to security@github.com next time.