Can I publish an exploit code to after a CVE ID gets assigned?

I have found a vulnerability in a local vendor’s product, who wasn’t found in MITRE’s CNA table. ~~Also, there is~~ ~~no Vulnerability research programs in my country AFA my research went~~.

*Edit: There is, but the application procedure is terrible. Looking into it.*

I intend to email the vendor first and then request MITRE for a CVE-ID. However, I have three questions on the subject.

1. In the event of the vendor not acknowledging my findings (*the chances of this happening is pretty high*), and a CVE-ID gets assigned, can I still publish the exploit code to [](
2. Can I publish a writeup on how I have found the vulnerability once a CVE ID is assigned?
3. On MITRE’s website, they says that the researcher who request a CVE-ID won’t be credited. Is there any way that I could get credited for the vulnerability I found?

This is my first zero day and I don’t know how to proceed further as different websites propose conflicting information on this. Kindly guide me on how to report this.

PS: I am not looking for bounty money; I’m just trying to mark my humble presence into the vast cyber security world.


More Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

Fill out this field
Fill out this field
Please enter a valid email address.
You need to agree with the terms to proceed