The deadline for the elimination of vulnerability — how you can publish?

Given: a serious vulnerability in the popular company. The vulnerability, if desired, can hurt the financial (and very strong) and reputational (the money of citizens, clients this company).

The vulnerability reported this company as it should be by phone or letter, painted the whole scheme. Got the answer - took note.
It took 2 weeks. Decided to ask - how are closed or not. Reported that the result of closing or not closing, they will not be misleading. And whether it exists at the moment - don't want to know.

Try to reproduce it - how would a criminal offense and spend their money don't want to check.

Question: what do the terms in our criminal code to publish it on the information resource to stimulate its elimination? How much wait time?
Want to expose yourself do not want, if you suddenly run to check it. It will blow! Not interested in this, too.
July 8th 19 at 12:23
5 answers
July 8th 19 at 12:25
No deadlines, no on legislation.
Why would they be?

You have found a vulnerability, reported.
Then what do you want?
The company took note.
What more do you want?

to stimulate its elimination?
As you can stimulate its elimination?
Why did you decide that it will be fixed?

Purely human, if you tell me that in my office, the window is not closed, and through it can get an attacker - I say thank you.
If you then will walk and wonder - why is it still not closed, I very impolite to say that it is generally none of your business.

According to the law to know that such information is not prohibited, you can share it too, is not prohibited.
Although if you're trying to climb in an open window, or will someone instigate this, then it is a punishable act.
Just on here )

There is not a window is not closed, then you can write off the money in any quantity. This report is the effect terrible. And consequences.

Start digging - find out what is the mass hacking was preceded by an article on habré how this hacking to repeat.

So you want a purely legal know - how safely. Others published after the closing - that was. And repeat can not - it is closed.
But here company is not going to meet except thanks goodbye have not received anything from them. - tia.Stroman commented on July 8th 19 at 12:28
: To inform or not is purely your business.
Could it get you hurt - depends on the situation, and from what you said, and how it got the information.

And the company then why should you go to a meeting? She is why it is necessary?
On the contrary. - earl.Weissnat commented on July 8th 19 at 12:31
: a vulnerability was obtained by performing standard operations on the cash provided by the company. no one purposefully did not dig. when I realized what happened. checked on the other, also a client of the company. friend at once to repair the damage.
then wrote to the company and all painted.

the vulnerability is not just a simple mistake. there's a hole.
if you want you can go to another country and obankrotit it to the fullest. but no such purpose.
the goal is to close the hole. all slept peacefully. and the company and the customers. - tia.Stroman commented on July 8th 19 at 12:34
"If you then will walk and wonder - why is it still not closed, I very impolite to say it's none of your damn business."
Often it turns out that the back side of the building not just walls, but the building is the garden (where goes your baby), and stored your money, and lives mistress

So it seems like it's your business, and to do about anything, except posting a picture of the building - marilyne_Roh commented on July 8th 19 at 12:37
Any application or system vulnerable.
There are mistakes and holes. Without this in any way.
If they are aware of, when possible and desired fix. If you do not know or there is no ability or desire to leave as is.
The case of a particular person or business.

In most cases - until you or someone else is not using this vulnerability, all on her drum. - earl.Weissnat commented on July 8th 19 at 12:40
: The fact of the matter is that it's none of your business.
If you somehow infringe upon, harm you, show your claim is the one who does it.
If you are not harmful, but worried - do not use this service, do not go to that house.

And as it is clearly to force the owner of the building to repair the wall you can't. - earl.Weissnat commented on July 8th 19 at 12:43
: the problem is that I can't post a picture of the back of the house without walls - marilyne_Roh commented on July 8th 19 at 12:46
: Well, what can't, that's your problem. - earl.Weissnat commented on July 8th 19 at 12:49
July 8th 19 at 12:27
purely legally = any publication you will be assessed as incitement, regardless of the time
> any publish you will be assessed as incitement, regardless of the time

Source, please. - tia.Stroman commented on July 8th 19 at 12:30
July 8th 19 at 12:29
Score
Not work where they live without cover comrade major
Not work if the company has babaulti
July 8th 19 at 12:31
publish prior information without disclosing details of the vulnerability classification, potential risks to customers, the timeline interaction.
there is preliminary information at once would reveal the essence. even if I won't mention the company name will be enough to through several companies in the same direction and get what you want.
there is no requirement of specificity of some sort. all on the surface.
the vulnerability can reproduce other clients, with high probability. without realizing it.
why had not found is unknown. can someone zabagovan new version of the product. and opened up a hole. unknown. - tia.Stroman commented on July 8th 19 at 12:34
: if you don't disclose the vulnerability, and notified customers about the potential risks - you may not be claims. - earl.Weissnat commented on July 8th 19 at 12:37
: I'm not a lawyer. and I don't know what could be. so I'm asking.
one thing purely human - that we are active in the country - and quite another - the law - which is also not really working - but at least something. - tia.Stroman commented on July 8th 19 at 12:40
July 8th 19 at 12:33
In the criminal code about it all is, the punishment is decent, if they go to court.
Just drive in and everything.
and give links to the article of the criminal code. or maybe where to read about it all you can - tia.Stroman commented on July 8th 19 at 12:36
: 272 OF THE CRIMINAL CODE - earl.Weissnat commented on July 8th 19 at 12:39

Find more questions by tags Jurisprudence in ITInformation securityPayment systems