undefined | Better HN

0 pointsnetheril963y ago0 comments

Care to list some of the bugs?

0 comments

Publishing unpatched bugs is unethical, so no.

If the developer refuses to fix the bugs, and if those bugs pose a risk to other users, there is a strong argument to make that public posting of those bugs is the ethical thing to do.

Sev0 security issues aren't secret just because people who mean well don't talk about them, any sufficiently high valued target is going to have well funded threat actors working to find vulnerabilities. By publicly disclosing the issues, you let other customers know their data is threatened, and then customers can work together to force vendors to fix issues.

mike_d3y ago

I'm well aware. I have enough other data points that I don't think public disclosure meaningfully makes the platform more secure.

A little bit of PR buzz and customer complaints can get a handful of issues fixed, but this is a bit more systemic.

j / k navigate · click thread line to collapse

0 comments

mike_d3y ago

Publishing unpatched bugs is unethical, so no.

com2kid3y ago

If the developer refuses to fix the bugs, and if those bugs pose a risk to other users, there is a strong argument to make that public posting of those bugs is the ethical thing to do.

mike_d3y ago

I'm well aware. I have enough other data points that I don't think public disclosure meaningfully makes the platform more secure.

A little bit of PR buzz and customer complaints can get a handful of issues fixed, but this is a bit more systemic.

j / k navigate · click thread line to collapse