You can follow your own procedures - decide for yourself how long you think it is reasonable for the company to mitigate in private. But give the company some time.
Why? You're not an employee, you're a concerned citizen. You have no obligations to vendors whatsoever. Now, I think it's nice to do responsible disclosure, and I certainly don't envy the people whose week has been ruined, but the discoverer of this bug did nothing wrong.
It is about the increased risk fellow users will have due to this style of disclosure. Who cares about the vendor, but they are best situated to resolve the issue quickly for everyone.