Finding bug reports can be a challenge
Another important barrier to adequate vulnerability disclosure is access to the right sales force, a difficult task compounded by the fact that communicating with bug reporters may be low on the list of vendors’ priorities.
“Getting information from the vendor about the status of the bug can be challenging,” says Childs. “Retailers are dealing with a large number of bugs, more than they have faced in the past. What they report to is that the researcher is the most important to them. They have other important things they’re working on, whether it’s developing a fix or hopefully testing a fix before releasing it, that kind of thing. And the connection ends. “
Dealing with small vendors can be more challenging than dealing with large companies like Apple, Google, Microsoft, or Cisco. “Dealing with small suppliers and niche software products, it can be difficult to find where to report bugs,” Childs said. “We even tried to reach out to CISOs and CIOs on LinkedIn to try to report bugs. Send us messages through the support sites to try to report bugs. Sometimes it is reported to one person, but it is not the right person.”
Source link