Open in app

Sign in

Write

Sign in

So at the end of 2022, The New York Times Cyber Security Team deployed a single text file to the main nytimes.com website with the hopes of not only improving the ability for people to find out where to submit these kinds of vulnerabilities, but also encouraging more organizations to implement the same standard themselves.

Making Reporting Effortless, Especially for Security Researchers
91
5

The NYT Open Team

Max Can't Help It!
1 min readJan 30, 2023

--

I go there...

By submitting a vulnerability to The New York Times through ResponsibleDisclosure.com, you agree to the Terms of Service.

"Terms of Service". So the person trying to HELP YOU is supposed to be signing legal forms? Ooookaaayy. Right away, the NYT is making it difficult to improve security. You've ALREADY lost to the lawyers.

Seem to be doing the exact counter-productive behavior you explained in your piece.

There should be a box for anonymous tips. like

My friend works at the NYC, I think in your stats depts, and he says he can bring you whole system down and he's on drugs.

SUBMIT

How helpful is that. Don't know. But it's better than nothing?

I applaud what you're trying to do.

While I'm here, your tip page begins "Do you have the next big story? Want to share it with The New York Times? "

No wonder most people don't trust the news. Are you interested in news or sensationalism?

The file should have more stuff on security, even if it's the top 5 places to report stuff too.

Anyway, good luck.

--

--

Max Can't Help It!
Max Can't Help It!

Written by Max Can't Help It!

3.7K Followers
306 Following

Trying to connect what hasn't been connected.

No responses yet

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams