Comment by taneliv
1 month ago
I should have known this exists, yet I didn't. Thanks for pointing it out.
This seems to be a direct link to a web form to report (in English): https://eservices.traficom.fi/ContactForms/form/haavoittuvuu...
In particular, note that all the fields asking for personal information disappear if you select "Yes" in "I am submitting an anonymous tip" field.
Just to play devil's advocate, couldn't sending zero-day exploits to a foreign nation's intelligence service potentially cause the sender significantly more trouble.
Finland is a NATO country, so for most people on this site you would be sending it to a government agency of an allied nation. Punishing that would make it look like you don't trust your allies
The other angle is that you are obviously doing it in good faith, on the assumption that they will try to work with the vendor to fix and responsibly disclose the vulnerability
It depends on the country apparently:
"Israel reached out to US hackers for ‘Zero Days’ tools" - https://www.timesofisrael.com/israel-reached-out-to-us-hacke...
Because... your home country or affected company could consider it espionage? Sounds like a stretch.
Just to play devil's advocate
Why?
Because information asymmetry benefits those with the information. If the devil understands your argument, and you don't understand the devil's argument, the devil will have information advantage.
1 reply →
it's a good question