> The only other people that see the vulnerability are the select few in > upSploit.
OK. You should probably document that, and make it clear that this policy will not change without the reporter's explicit consent. It's an interesting project - but you guys are working for security software vendors and security consultancies, so I think it's important to clarify. > Use it once for something you may not care about to much and see how it > works for you. Well, that's not the point - the real question is what happens with valuable vulnerabilities. But really, I'm not criticizing. /mz _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
