Disclosure Policy

I maintain the following policy of responsible disclosure:

  • I will announce vulnerabilities via techblog.
  • Vulnerabilities are published if no response is received from the author of the vulnerable product within one week of initial contact.
  • If response is received, disclosure is coordinated with product vendor.