undefined | Better HN

0 pointssaas_co_de8y ago0 comments

> Disclosing an 0Day root authentication bypass vulnerability on Twitter isn't cool

no one is under any obligation to sweep company's security problems under the rug for them.

If companies create incentives for people to share vulnerabilities with them first, great, but no one is under any obligation to participate in those programs.

Don't ship broken software if you don't want pie in your face.

0 comments

azernik8y ago

Forget the company. This harms users, who are not responsible for causing these issues; for all except the most technical 1% of Apple users, keeping the problem secret while Apple works on a quick patch is much more secure than telling the whole world immediately.

flukus8y ago

If it harms the company then they will take it more seriously and it will protect users more in future. If it doesn't harm the company then they have no incentive to change.

rched8y ago

This isn’t about what’s best for Apple it’s about what is best for users. The way this was disclosed was bad for users.

1 more reply

j / k navigate · click thread line to collapse