Comment by nikcub

13 years ago

Poor form not crediting Homakov, GitHub. Credit means a lot to security researchers (that is all a lot of us are working for).

If you aren't even giving simple credit, you are asking to be compromised the next time an issue is found. GitHub is large enough and prominent enough where it should have an entire bounty program, let alone giving a blogger a link.

4 comments

nikcub

homakov 13 years ago

github is business after all — i think they just forgot about me/my post. also they told me previously moving to a new domain is an old idea.

niggler 13 years ago

" i think they just forgot about me/my post"
If you found an exploit and sold it to someone, you would be richer and they wouldn't forget you :)

briandoll 13 years ago

We've got a list of security researchers who have disclosed vulnerabilities to us responsibly (including Homakov) on our help site: https://help.github.com/articles/responsible-disclosure-of-s...

derefr 13 years ago

That's sort of the opposite scale to what the (greyhat) security community would expect, though. Try tacking an HTML5 scroller (with an original SID composition) onto the end of the announcement, crediting the researcher. ;)