This report is just the industry in a nutshell...Every company claims to take your security very seriously but very few do.
In addition, reporting security vulnerabilities is really difficult! How do we report vulnerabilities in such a way that people take them seriously (seriously enough to fix them), do not think it is a scam, and are willing to publicly admit it?
In this case, Panera Bread had a serious information disclosure that they should have patched. At what point do you sit on it, hoping that the company will fix it? Or do you just post your findings and move on?
Overall, you just hope that the company takes you seriously... Otherwise, you have to make the decision whether to go public or not. Going public before they fix the vulnerability allows attackers to exfiltrate the data. However, it also forces Panera Bread to fix the issue.