Rare is the occasion when one who researches and responsibly reports web application vulnerabilities is met with an open, immediate, consumer oriented response from a vendor. But so it was when I let the folks who develop Tendenci, a Schipul offering, know about a few XSS issues. These are people who take great pride in their product; had they simply fixed the issue, and perhaps sent back a quick note many days later, I would have accepted that as the typical norm for most responsible vendors.
Yet, Schipul took the process to a new height, raising the bar entirely.
I literally heard back from Schipul's Jennifer Brooks within an hour of notification. Within 24 hours the issues had been addressed, and even more surprising, Tendenci posted the issue and its resolution to their blog, providing customers with a summary and an FAQ.
This rapid, public response exemplifies a company who seeks to protect their brand, their customers, and the end user, all in the same spirit and with the same intent.
To Schipul I say well done, extremely well done, and thank you.
del.icio.us | digg
Monday, February 18, 2008
Subscribe to:
Posts (Atom)
Moving blog to HolisticInfoSec.io
toolsmith and HolisticInfoSec have moved. I've decided to consolidate all content on one platform, namely an R markdown blogdown sit...
-
Continuing where we left off in The HELK vs APTSimulator - Part 1 , I will focus our attention on additional, useful HELK features to ...
-
As you weigh how best to improve your organization's digital forensics and incident response (DFIR) capabilities heading into 2017, cons...
-
When, in October and November 's toolsmith posts, I redefined DFIR under the premise of D eeper F unctionality for I nvestigators in R ...