I emailed Eddie about a vulnerability in hotcrp but have yet to hear back. So, I'd like to ask about the best way to disclose security issues.
Reporting via Email feels very unreliable, as some mail servers filter attachments with source code and others filter encrypted archives to avoid the abovementioned filters. Similarly, posting it here is obviously wrong, as it affects most major security conferences using hotcrp.com.
Hi all,
I emailed Eddie about a vulnerability in hotcrp but have yet to hear back. So, I'd like to ask about the best way to disclose security issues.
Reporting via Email feels very unreliable, as some mail servers filter attachments with source code and others filter encrypted archives to avoid the abovementioned filters. Similarly, posting it here is obviously wrong, as it affects most major security conferences using hotcrp.com.
Cheers, David