Basically one where it is possible to report a vulnerability on a website without worrying about the other side throwing a tantrum and accusing the messenger of 'malicious hacking'?
It is a sad state of our industry that this is needed, but with the current computer crime laws making all internet users potential criminals, it is too risky to put a career in the hands of the company that created the vulnerable product or service.
Ideally this service would allow:
- Anonymous reporting of a vulnerability in XYZ product or website (in a way that it is not possible to trace back the entity/person who reported the vulnerability)
- Data encryption so that only the target company/owner could see the information
- Two-way communication channel between both parties
- All details published after the vulnerability is fixed (with maybe some time made available for patching)
Btw: If you think that there should be no anonymity on the internet, read Hacking the Future: Privacy, Identity and Anonymity on the Web