Our Google contact also pointed out:
In the interest of minimizing the impact that security vulnerabilities have on our end users, we highly encourage anyone who discovers a vulnerability in a Google product or service to follow responsible disclosure policies by contacting us first at security/at/google/dot/com .
I'm sure most users of gmail would rather have security issues handled like they suggest above instead of having it published on some blog first, next some reader finding it and us finally doing the right thing.
Is it that much to ask to send it off to the vendor first ? Even if some vendors wait like forever, or take years to fix things. Not all of them are that way, so let's at the very least give them a heads-up warning.
And if you cannot find the address where to do it, we'll gladly help you search for it.
Mar 2nd 2006
1 decade ago