Vulnerability Disclosure Considered Stressful
ACM SIGCOMM Computer Communication Review (IF 2.8), Pub Date: 2023-07-19, DOI: https://dl.acm.org/doi/10.1145/3610381.3610383
Giovane C. M. Moura, John Heidemann

Vulnerability disclosure is a widely recognized practice in the software industry, but there is a lack of literature detailing the firsthand experiences of researchers who have gone through the process. This work aims to bridge that gap by sharing our personal experience of accidentally discovering a DNS vulnerability and navigating the vulnerability disclosure process for the first time. We document our mistakes and highlight the important lessons we learned, such as the fact that public disclosure can be effective but can also be more time-consuming and emotionally taxing than anticipated. Additionally, we discuss the ethical considerations and potential consequences that may arise during each step of the disclosure process. Lastly, drawing from our own experiences, we identify and discuss issues with the current disclosure process and propose recommendations for its improvement. Our ultimate aim is to provide valuable insights to fellow researchers who may encounter similar challenges in the future and contribute to the enhancement of the overall disclosure process for the benefit of the wider community.




Updated: 2023-07-20