Hello, Allow me to fix this for you: > On 6 Mar 2018, at 20:04, filipe <filipe.xavier@xxxxxxxxxxxxxx> wrote: > > =====[ Timeline of disclosure > ]=============================================== > > 01/24/2018 - Vendor was informed of the vulnerability. > 01/29/2018 - Vendor did not respond. 01/25/2018 - We replied notifying you that we’ve opened a ticked with the relevant team 01/26/2018 - We asked for a working PoC 01/31/2018 - You replied with a theoretical “PoC” (no code, just a few steps which didn’t really help, sadly) 02/01/2018 - We replied asking for a script, a piece of code, a video, anything that backs up your claim since we didn’t reproduce it based on the steps you provided. 02/12/2018 - We notified you that we closed the ticket since you stopped replying > 01/24/2018 - CVE assigned [2] > 03/06/2018 - Advisory publication date. We take our bugbounty programs very seriously and other than some Nigerian princes and fake LinkedIn invites we reply to _all_ reports, valid, invalid or incredibly ridiculous alike. As such, you may imagine why, when we saw an advisory with our name saying “Vendor did not respond”, the team felt a bit disappointed for failing to reply for the first time in a few years. Thankfully this was not the case. If you still believe this is a genuine issue, exploitable in real life and you have some evidence to back that up, let us know and we’ll gladly reopen the ticket. Cheers, — Alex “Jay” BALAN Chief Security Researcher Bitdefender
Attachment:
signature.asc
Description: Message signed with OpenPGP
_______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/