undefined | Better HN

0 pointsmrmondo8y ago0 comments

> "The fact is that the devs certainly do know about it by now, yet users do not have a fix yet."

Citation needed.

> "It is best for users to know that their system is vulnerable, and how to fix that without waiting for a system update."

Stepping outside the 'tech' social bubble, most general users likely won't create a root account and password from something they see on TV or their local news site or at least not before a patch would have been released.

Further to previously provided examples:

https://www.cloudflare.com/disclosure/

https://access.redhat.com/security/team/contact

https://www.xenproject.org/security-policy.html

https://about.gitlab.com/disclosure/

https://help.github.com/articles/responsible-disclosure-of-s...

https://www.kernel.org/doc/html/v4.10/admin-guide/security-b...

https://www.drupal.org/drupal-security-team/general-informat...

https://www.cisco.com/c/en/us/about/security-center/security...

https://www.juniper.net/us/en/security/report-vulnerability/

0 comments

thomastjeffery8y ago

> Citation needed.

Has there been an update released yet? I wouldn't know, I don't use OS X.

Is this the best way to report a security flaw? Of course not! Is it a bad way? No! The only bad way to report a security flaw is to not report it at all.

mrmondoOP8y ago

>> Citation needed.

> Has there been an update released yet? I wouldn't know, I don't use OS X.

I think you might have misunderstood what I meant when when asking for citation, it's based on the statement you made in relation to citing sources for what something that could be opinion stated as fact.

https://libguides.mit.edu/citing

> Is it a bad way? No!

OK this is where I stop feeding the troll.

j / k navigate · click thread line to collapse