Resource person
56 views
Skip to first unread message
Pro Coder 101
Aug 24, 2023, 11:47:43 AM8/24/23
to FIDO Dev (fido-dev)
I know it is a weird question and it doesn't really belong here. If I found a vulnerability in a certain type of authenticator that actually makes it vulnerable to certain sophisticated social engineering attacks, whom do I talk to about it? I don't want to discuss it publicly as it might be a zero day and various enterprises might be affected by it.
Any help would be appreciated.
Tim Cappalli
Aug 24, 2023, 11:53:11 AM8/24/23
to Pro Coder 101, FIDO Dev (fido-dev)
You should disclose it to the authenticator vendor through their disclosure process, typically found on their website.
--
You received this message because you are subscribed to the Google Groups "FIDO Dev (fido-dev)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fido-dev+u...@fidoalliance.org.
To view this discussion on the web visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/CAN%2B3J_gui72m%2BTuxz94G13g01RviaSJOot8oXDmpzG%3D1i7yzMg%40mail.gmail.com.
You received this message because you are subscribed to the Google Groups "FIDO Dev (fido-dev)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fido-dev+u...@fidoalliance.org.
To view this discussion on the web visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/CAN%2B3J_gui72m%2BTuxz94G13g01RviaSJOot8oXDmpzG%3D1i7yzMg%40mail.gmail.com.
da...@fidoalliance.org
Aug 28, 2023, 8:56:35 PM8/28/23
to Tim Cappalli, Pro Coder 101, FIDO Dev (fido-dev)
In addition to contacting the vendor, you can send it to security-s...@fidoalliance.org.
To view this discussion on the web visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/CH0PR00MB1415467D3D3A01B2AD3DADDC951DA%40CH0PR00MB1415.namprd00.prod.outlook.com.
Reply all
Reply to author
Forward
0 new messages