Rare is the occasion when one who researches and responsibly reports web application vulnerabilities is met with an open, immediate, consumer-oriented response from a vendor. But so it was when I let the folks who develop Tendenci, a Schipul offering, know about a few XSS issues. These are people who take great pride in their product; had they simply fixed the issue, and perhaps sent back a quick note many days later, I would have accepted that as the typical norm for most responsible vendors.
Yet, Schipul took the process to a new height, raising the bar entirely.
I literally heard back from Schipul's Jennifer Brooks within an hour of notification. Within 24 hours the issues had been addressed, and even more surprising, Tendenci posted the issue and its resolution to their blog, providing customers with a summary and an FAQ.
This rapid, public response exemplifies a company that seeks to protect its brand, its customers, and the end user, all in the same spirit and with the same intent.
To Schipul I say well done, extremely well done, and thank you.