What to do if you find a vulnerability in a competitor's site?

Posted by user17610 on Programmers See other posts from Programmers or by user17610
Published on 2011-02-17T21:47:36Z Indexed on 2011/02/17 23:33 UTC
Read the original article Hit count: 217

While working on a project for my company, I needed to build functionality that allows users to import/export data to/from our competitor's site. While doing this, I discovered a very serious security exploit that could, in short, perform any script on the competitor's website.

My natural feeling is to report the issue to them in the spirit of good-will. Exploiting the issue to gain advantage crossed my mind, but I don't want to go down that path.

So my question is, would you report a serious vulnerability to your direct competition, in order to help them? Or would you keep your mouth shut? Is there a better way of going about this, perhaps to gain at least some advantage from the fact that I'm helping them by reporting the issue?

Update (Clarification):

Thanks for all your feedback so far, I appreciate it. Would your answers change if I were to add that the competition in question is a behemoth in the market (hundreds of employees in several continents), and my company only started a few weeks ago (three employees)? It goes without saying, they most definitely will not remember us, and if anything, only realize that their site needs work (which is why we entered this market in the first place).

I confess this is one of those moral vs. business toss-ups, but I appreciate all the advice.

© Programmers or respective owner

Related posts about business

Related posts about security