Unfortunately, I’ve had to shut down the Notoriety section of this page.
The volume of inquiries I receive about this section is 10x higher than anything else I deal with. Hosting a board for security findings has attracted researchers from all over the world—many of whom fire up Kali Linux and hammer my servers and websites with every open-source tool available.
Most of the "findings" are best-practice notes generated from automated checkers, such as flagging the absence of an iframe policy to prevent clickjacking. Fair enough… except there’s no login functionality to exploit.
The original intent was to highlight legitimate work by researchers and celebrate the learning process. I’ve enjoyed that. But the sheer volume of incoming messages—helpful or not—has become overwhelming.
While most researchers have been polite and constructive, a few have been rude or disruptive. The “responsible” part of responsible disclosure seems lost on some.
To be clear: Responsible disclosure remains open. I will continue to listen to any credible security issues across my sites. But for now, the Notoriety page is gone, simply because the attention it brings is unsustainable.
I may re-open it in the future—perhaps with a focus only on verified, actionable vulnerabilities. I do genuinely enjoy this part of the web. But right now, it’s too much.
I do genuinely enjoy this part of the web, and I may bring it back in a more sustainable way. Until then, keep on hacking.
Unfortunately, as a small company, Westbury Digital isn't in a position to provide financial remuneration for locating bugs and security vulnerabilities, though I would like to. However, we do welcome responsible disclosure of these bugs and value the work that is put into finding them.
I understand that it's perhaps not much, but we do offer notoriety, a place to display what you have found. For any bugs located on any of my sites, I will list your name/handle here with the vulnerability you have located and its potential impact.
The table of findings is still here but commented out.
What's CVSS? It's an open industry standard for assessing the severity of computer system security vulnerabilities between 1 and 10.
Please use the email below to outline what you have found.
Send Email.
Please remember to include: