upSploit aims to bridge the gap between security researcher and vendor. By using our simple and easy to use Advisory Management Solution the researchers can be assured that the correct vendor is alerted to the problems found. Our policy is: Automated fair distribution.
From the moment the user submits the advisory the whole process is automated. The vendor is alerted instantly to the problem and we allow up to 180 days for a reply.
We send an email once every month and in the final month send one every week. This process aims to alert the vendor as much as physically possible to the advisory. If no reply is received within the 180 days then we will release the vulnerability onto our database only. This aims to create a co-ordinated disclosure between researcher and vendor.
If the vendor does reply the advisory is then submitted to a number of different databases across the Internet. This can be done anonymously and is all free and part of the service.