Reporting a vulnerability

What do people typically include in an email when informing a company or individual of a web vulnerability on their site?

Also, what is the best way to followup if a company or individual responds by stating the vulnerability is a "joke" or "not worth fixing"?

You need to be a member of OWASP to add comments!


Email me when people reply –