> It's not really so much about "who do I contact if I find a security problem on a website
Cannot confirm. I bought a windshield for my '01 Ford Focus and found a major security bug on their site [1] (they linked a JS file from a non-existent domain).
I talked to CERT, the clerks at the store, tried to contact the owner on LinkedIn; heck, it was even published in one of the largest newspapers of my country, but I never got anyone who understood the problem or cared.
In the end the bug was fixed because I wrote them on Facebook and the kid whose job it was to manage their Facebook site was also the web admin.
Haha, it gets worse when the guy at Facebook says "Oh I get it, but I can't fix it and I won't try to get it fixed either." And you so wanna teach them a lesson but just can't.
[1] https://blog.haschek.at/2019/threat-vector-legacy-static-web...