Comment by kichik
3 days ago
Nice chain and write-up. I don't know that I would call eval() on user input, hard-coded secrets, and leaked credentials small or harmless. All of those are scary on their own.
Yeah...and the fact that they evidently had no responsible disclosure process and ghosted the reporter...for a security product?!
Big yikes.
> ...for a security product
I find a lot of 'security products' put their own security at the bottom of concerns.
They may actually start with that focus, but get bought up by VC that turns everything into a profit center.