In early November, I found several Cross-Site Scripting vulnerabilites on the official website of the bavarian social democrats (also called “SPD” – which is the oldest political party in Germany) and immediately notified the official press office about the flaws. It took some days until I received an answer, which is OK for such a big government-run website…honestly ? I did not even expect a reaction after the notification, because many big sites have a quite complex bureaucracy system behind, which is sometimes hard to deal with.
So I was pretty amazed about the fast implementation of the needed fixes for all reported flaws. Great to see that at least one of our political parties do understand how to deal with security issues. Thanks for the friendly and professional contact without any form of bureaucracy!
Reference: http://security.inshell.net/advisory/44