Posted by Egidio Romano on Mar 03

Hello list,

Tonight I’d like to share with you my latest blog post. Seeing my personal experience with the
Magento bug bounty program (and even experiences from other security researchers), it looks like
they truly believe in a “security through obscurity” methodology. I’m quite disappointed by the
fact they tried to downplay the severity of my vulnerabilities, silently patching them after
several months, without letting me…