Hi all,
I am using Censys Search as part of my research.
If I happen to discover an undisclosed vulnerability while using Censys, what are the expected disclosure procedures for both identifiable and non-identifiable hosts? For example, how can I disclose vulnerabilities to hosts with only IP:port metadata and no domain names? For those with domains/contacts, I should reach out to them directly right?
Thank you for your support,
