undefined | Better HN

0 pointsmholt8y ago0 comments

Wrong. This is Apple -- not the homeowners -- leaving everyone's key in everyone's door without them knowing.

0 comments

Responsible Disclosure is widely regarded as a good practice in these situations. Blame isn't the key issue - fixing the problem quickly and safely is. Widespread disclosure before Apple have even a chance to respond in a timely fashion is inherently unsafe.

You would hope the self-described twitter bio "Agile Software Craftsman" might have thought about this a little before tweeting.

> https://en.wikipedia.org/wiki/Responsible_disclosure

dsp12348y ago

The poster practiced Full Disclosure, which is also a valid disclosure policy.

Since we're just making up statements, I guarantee that Apple would never voluntarily disclose this issue if it was reported privately. So Full Disclosure is the only way to put Apple's feet to the fire, as it's the only way in which this issue would have had any visibility whatsoever.

https://en.wikipedia.org/wiki/Full_disclosure_(computer_secu...

SahAssar8y ago

Private Disclosure does not prevent you from publicly disclosing it after a grace period.

1 more reply

Bud8y ago

On what basis do you "guarantee" this?

2 more replies

lawnchair_larry8y ago

"Responsible Disclosure" is a term rejected by the industry as a loaded phrase that favors vendors, instead preferring the term Coordinated Disclosure. Even so, reasonable professionals still disagree that this is the best option, in a debate that has existed for decades, so it's by no means settled as the "proper" way.

5ilv3r8y ago

Do you have any good history on this you can link to? Sounds very interesting.

j / k navigate · click thread line to collapse