- Beginning of 10.2011: OWASP was informed (including details) that the OWASP membership registration has a logic flaw (“please inform vendor”).
- Beginning of 10.2011: Response from OWASP, vendor can not reproduce problem. Sent more details.
- Beginning of 10.2011: Response from OWASP, vendor still can’t reproduce problem. Sent video below.
- 19.10.2011: Bug report opened.
- 15.02.2012: Checked back and asked OWASP if problem is resolved.
- 26.02.2012: They don’t know. Checked flaw again, it still exists. Advised OWASP to get in touch with one of the organisation’s security expert to handle the issue (no response from OWASP).
- 30.03.2012: Checked flaw again, it still exists. Informed OWASP and vendor directly that the video will be released in two weeks if it doesn’t get fixed.
- 30.03.2012: Response from OWASP, they would find a solution until end of April. Agreed to wait until end of April.
- 04.04.2012: Response from vendor, it’s fixed.
In my opinion half a year is long enough. Putting on some more pressure (regarding the release of the video) worked very well. I felt like I owe it to all the paying OWASP members.
Enough words, enjoy the video: http://www.floyd.ch/download/free-owasp-membership.mov