A security analyst uncovers a privilege escalation vulnerability in a widely used project management web platform that allows standard users to gain administrator permissions. The vendor has no formal vulnerability disclosure policy and historically delays responses to similar issues. Which action best reflects responsible vulnerability disclosure in this scenario?

Question

Accepted Answer

Privately inform the vendor with full technical details and keep a documented timeline of all communication.

Answer

Release a limited proof-of-concept exploit to accelerate community patch development

Answer

Open a public issue but redact exploit details to avoid abuse.

Answer

Withhold technical details unless the vendor agrees to a bug bounty payout.

Answer

Report the issue directly to affected users to reduce immediate risk exposure.

Answer

Wait for external confirmation that the flaw is actively exploited before notifying anyone.

Answer

Notify a group of trusted security researchers and allow them to test before telling the vendor.

Answer

Approach a cybersecurity news outlet to coordinate vendor response through publicity.

Answer

Publish technical indicators of compromise while delaying vendor notification.

Answer

Submit the vulnerability to a commercial vulnerability broker to ensure it is professionally handled.

Crowdly

A security analyst uncovers a privilege escalation vulnerability in a widely use...

Want instant access to all verified answers on moodle.bcu.ac.uk?