bauruine 4 days ago

>I did some research and found that the app did infact have a responsible disclosure policy which at that point, I was happy to continue forth.

Looks like he did some research before.

On the other hand

>On day 2 I awoke and began by finding some form of contact details, information was somewhat sparse but I managed to find a phone number.

Doesn't a responsible disclosure policy contain contact infos on where to report usually?

1
alp1n3_eth 4 days ago

Weirdly enough... not always.

When it comes to random companies running their own VDP vs. hiring it out, it can be less than standard despite there being lots of resources on setting it up. I've seen ones that only include a phone number, the email address listed doesn't exist anymore, etc.

Others have had to even get to the point of contacting an executive via LinkedIn despite there being a VDP page / security.txt.