Boosted by soatok@furry.engineer ("Soatok Dreamseeker"):
disclose@infosec.exchange ("disclose.io :verified:") wrote:
Safe harbor makes it safe to report a vulnerability. The other half, talked about far less: report well.
We've cross-posted Daniel Stenberg's (curl) guide to writing vulnerability reports that actually get fixed — with our own commentary on why report quality protects maintainers the way safe harbor protects researchers.
https://blog.disclose.io/what-makes-a-vulnerability-report-excellent/