Learning from a failed responsible disclosure process

by Robin Meis
I'd like to give some insights into the disclosure process of security issues in electronic classbooks. A lot of things went wrong before public disclosure and resulted into unpatched issues when first information were published. I'd like to discuss what went wrong and how these problems may have been avoided.

Documentation

virtual
0000 virtual

CMD - Computer, Menschen, Dinge e.V.
c/o Guido Schmitz
Schwarzer Weg 4
54293 Trier

Der CMD e.V. ist beim AG Wittlich unter Registerblattnr. VR 40963 eingetragen.

Vorsitzender: Dr. Daniel Fett, daniel.fett@cmd-ev.de, Tel. +49 651 49368629
stv. Vorsitzender: Guido Schmitz, guido.schmitz@cmd-ev.de, Tel. +49 651 49368629

Beide Vorsitzende sind jeweils einzeln vertretungsberechtigt.