What is Responsible Disclosure?
Responsible disclosure is a vulnerability disclosure model in which a vulnerability is disclosed after a period of time or once the vulnerability is patched. You can read more about this at BugCrowd: What is Responsible Disclosure?
Unless otherwise stated or agreed upon in written communication, a 45-day disclosure deadline will apply to all bugs and vulnerabilities found by glitchwitch.io research. All findings will be disclosed to the public once either a patch has been made broadly available or after 45 days from the initial report, regardless of the existence or availability of patches or workarounds. Extenuating circumstances, such as active exploitation, threats of an especially serious (or trivial) nature, or situations that require changes to an established standard may result in earlier or later disclosure. This disclosure policy is based on the CERT Coordination Center (CERT/CC) Vulnerability Disclosure Policy.
The following list includes some of the findings by GlitchWitch.io. Reports are assigned a unique “Glitch Witch Advisory” number for reference. All dates are recorded in UTC.