aalear's comments

And there's also the API - http://api.stackexchange.com


And the Data Explorer (use SQL in the browser to query the Stack Overflow database): http://data.stackoverflow.com


Thanks, that's great..


Not sure what issue you're referring to, but you can reach us through the contact form linked at the bottom of every page on our Q&A sites (like the one you found) or by email to team@. Mentioning something like "security vulnerability" in the subject or the body will help get it looked at faster.

Edit: checked internally, and this specific issue is being fixed as we speak.


Thanks, I've done that now; hopefully you can find my submission. I did put 'security vulnerability' as the top line in the body. If that doesn't narrow it down, search for 1635976, also in the body.

It's either an information disclosure issue or an authorization issue (depending on your point of view); I won't say more on here.


I'm curious what you found - once they get it fixed, would you mind sharing in some form?


These aren't mutually exclusive goals. We have people dedicated to growing and maintaining the community (on Stack Overflow, as well as the other sites in the Stack Exchange network), people who work on large feature areas (e.g. Documentation), yet more people who are focused on the Jobs and hiring/recruiting experience for developers, etc.


I'm more curious to know how these affect the profits of StackOverflow and what gets more bang for the buck or if random ideas are being tried out seeing which one sticks.


We have plans to eventually add Documentation to the data dump we already produce of the Q&A content (and hook it into the API, etc.)

If for some reason Documentation doesn't really take off or work and we end up scrapping the project, we'll produce a final dump of all content at that point.


Yeah, that's kinda what we're thinking. If it were malicious, the question itself would be unlikely to actually look like a real honest question, too. It'd just be a bunch of garbage input.


I dunno that I'd say an enterprise app is inherently more valuable than Stack Overflow. ;)

But to be clear - it's not that we never do reviews. It's more that we have an "ask for it when you need it" type of policy. New hires get regular reviews, so initial architecture/style concerns are addressed then... along with teaching the logistics of our code reviews (push to a branch & submit a merge request).


Two per site - one for main Q&A, one for its meta.


You couldn't do one with some different tables? What was the justification for both separate DBs and the Q&A/meta split? Just curious.


If you did different tables, that's even more complicated by making every query dynamic. It also makes backups, etc. far more complicated as well. Multiple databases is simply the simplest solution for multiple things that need a database with the same schema :)


Appreciate the tip.




How long did it take to figure out it occurred? Do you have any stats on how many people hit that machine?

Would be hilarious if someone who went to SO to figure out why the IIS splash was showing instead of his app happened to hit that page.


It took about 20 minutes to notice and fix. The Twitter alerting system let us know really quick.



That appears to say you have "you could ask, a mod might action it, but if they're opposed you might be able to beg a dev to ..." That is to say, you really don't "have that".

