Sometimes the AGRS analyzes existing systems for security problems. And sometimes, we just accidently run into security related bugs. In most cases, the problem is solved in close contact with the vendor and the vendor informs its customer about the details.
When there are a lot of affected users or if we do not get any support by the vendor at all, we publish our findings here.
The advisories represent the state at the time of publishing. In the meantime, the problem may be solved or may be reintroduced by a software update.
Vendor Contact for Vulnerability Finder
finder of security related bugs, just want that the bug gets fixed and
that all affected user get informed. However, many finders do not want
to spend much time to identify the right contact persons just to spend
even more time to convince them that the risk is real. Some are even
afraid about potential legal actions.
In both cases, we can help with negotiating with the vendor, registering a CVE number , and if necessary publishing an Advisories. We can act either as an anonymizing proxy or in the name of the finder.