How To Report A Security Vulnerability Responsibly


Proper disclosure of vulnerabilities is crucial so that attackers do not start exploiting end users with the vulnerability in question. When a vulnerability is found, it is essential that the vendor is contacted and the details are shared by secure means so that the vendor can patch it.

Sometimes bounties are paid to those who find vulnerabilities, and there is even a website, www.hackerone.com, where businesses can list the bounties available for reporting a vulnerability.

Once a vulnerability is reported to the vendor in question, the vendor is given some time to roll out a patch, and end users are then given some time to update their systems.

When the non-disclosure window expires, the vendor publicly discloses the vulnerability, and if there was a bounty it is paid to the person who found it.

DMARC, or Domain-based Message Authentication, Reporting & Conformance, is a way to authenticate email messages originating from one's own domain. It improves deliverability and domain reputation, but most importantly it protects email from your domain against spoofing, phishing and abuse.

DMARC is an open standard that anyone can implement.

It is important to note that you need to protect not only yourself from inbound threats, but also your domain on the outgoing side, against email sent in its name.

If you rely on spam filtering only, you hand complete responsibility to a third party to filter out the fake emails sent in your domain's name. Legitimate emails may then end up in the spam folder, while emails with malicious attachments may land in someone's inbox.

Domain owners are responsible for who is able to send email on behalf of their domains. In addition to SPF and DKIM, DMARC makes the good messages visible and recognizable to the recipient. Adding DMARC to one's domain tells the receiver how to handle an email when the DMARC check fails and where to send feedback.
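To make the "how to handle a failure" part concrete, here is an added example (not code from the original post) that parses a DMARC TXT record and works out what a receiver does with a message given its SPF and DKIM results. The records, domains and report address are constructed placeholders, no DNS lookups are made, and the organizational-domain helper is a simplification (real receivers use the Public Suffix List).

```python
# Added example: evaluate a DMARC record against SPF/DKIM results for one message.
# Sample records are constructed; example.com and unrelated.example are placeholders.

WEAK_RECORD = "v=DMARC1; p=none"    # monitor only: a spoofed message is still delivered
HARDENED_RECORD = ("v=DMARC1; p=reject; adkim=s; aspf=s; "
                   "rua=mailto:dmarc-reports@example.com")   # reject + aggregate feedback

def parse_dmarc(txt: str) -> dict:
    """Parse 'tag=value; tag=value' into a dict, applying DMARC defaults."""
    tags = {"adkim": "r", "aspf": "r"}        # relaxed alignment is the RFC 7489 default
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record")
    return tags

def org_domain(domain: str) -> str:
    """Organizational domain, simplified to the last two labels (assumption)."""
    return ".".join(domain.lower().split(".")[-2:])

def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """Identifier alignment: strict needs an exact match, relaxed the same org domain."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

def dmarc_disposition(record: str, from_domain: str,
                      spf_pass: bool, spf_domain: str,
                      dkim_pass: bool, dkim_domain: str) -> str:
    """Return 'pass', or the policy (none/quarantine/reject) the receiver applies."""
    tags = parse_dmarc(record)
    spf_ok = spf_pass and aligned(spf_domain, from_domain, tags["aspf"])
    dkim_ok = dkim_pass and aligned(dkim_domain, from_domain, tags["adkim"])
    if spf_ok or dkim_ok:        # DMARC passes if either aligned mechanism passes
        return "pass"
    return tags["p"]

if __name__ == "__main__":
    # A message claiming From: example.com whose SPF only passes for an unrelated domain.
    print(dmarc_disposition(WEAK_RECORD, "example.com", True, "unrelated.example", False, ""))
    print(dmarc_disposition(HARDENED_RECORD, "example.com", True, "unrelated.example", False, ""))
```

With the weak record the receiver only reports and delivers the message; with the hardened record the same message is rejected, while mail that is signed or SPF-authorized for example.com itself still passes.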

Reach out to us at [email protected] for a quote or consultation to begin securing your outgoing email against spoofing, phishing and abuse.
