What is Responsible Disclosure?

Responsible disclosure is a vulnerability disclosure model in which a vulnerability is disclosed after a period of time or once the vulnerability is patched. You can read more about this at BugCrowd: What is Responsible Disclosure?

Disclosure Policy

Unless otherwise stated or agreed upon in written communication, a 45-day disclosure deadline will apply to all bugs and vulnerabilities found by glitchwitch.io research. All findings will be disclosed to the public once either a patch has been made broadly available or after 45 days from the initial report, regardless of the existence or availability of patches or workarounds. Extenuating circumstances, such as active exploitation, threats of an especially serious (or trivial) nature, or situations that require changes to an established standard may result in earlier or later disclosure. This disclosure policy is based on the CERT Coordination Center (CERT/CC) Vulnerability Disclosure Policy.

Report List

The following list includes some of the findings by GlitchWitch.io. Reports are assigned a unique “Glitch Witch Advisory” number for reference. All dates are recorded in UTC.

ID            Type  Affected Party     CVSS3  Status
GWA-2018-008  MV    winnipeg.ca        NA     Patched
GWA-2018-007  AFD   shaw.ca            8.1    Patched
GWA-2018-006  ID    shaw.ca            4.3    Patched
GWA-2018-005  ID    t-mobile.com       5.3    Patched
GWA-2018-004  ID    nhpopc.gov.au      9.8    Patched
GWA-2018-003  RCE   caamanitoba.com    9.8    Patched
GWA-2018-002  NA    undisclosed party  NA     Patched
GWA-2018-001  ID    textnow.com        7.5    Patched