Comment by nikcub
13 years ago
Poor form not crediting Homakov, GitHub. Credit means a lot to security researchers (that is all a lot of us are working for).
If you aren't even giving simple credit, you are asking to be compromised the next time an issue is found. GitHub is large enough and prominent enough where it should have an entire bounty program, let alone giving a blogger a link.
GitHub is a business after all — I think they just forgot about me/my post. Also, they told me previously that moving to a new domain is an old idea.
"I think they just forgot about me/my post"
If you found an exploit and sold it to someone, you would be richer and they wouldn't forget you :)
We've got a list of security researchers who have disclosed vulnerabilities to us responsibly (including Homakov) on our help site: https://help.github.com/articles/responsible-disclosure-of-s...
That's sort of the opposite scale to what the (greyhat) security community would expect, though. Try tacking an HTML5 scroller (with an original SID composition) onto the end of the announcement, crediting the researcher. ;)