the.com/responsible disclosure
find the bug, tell the company first, tell the world second — hacking with manners.
means: a practice where security researchers privately report vulnerabilities to the affected organization and give it time to fix them before going public.
from: emerged in the late 1990s as hackers and vendors fought over full disclosure versus silence; the compromise let researchers publish after a grace period, usually 90 days.
coined by: security researcher Rain Forest Puppy, 1990s
standard window: 90 days is the common industry default
often paid: bug bounties reward disclosure over silence
opposite exists: zero-day sale skips the company entirely