Full Disclosure mailing list archives

Re: Where are you guys standing re: the (full) disclosure


From: Gary Baribault <gary () baribault net>
Date: Fri, 13 Dec 2013 13:55:41 -0500

When you say 'security updates' I assume you mean publish the bug, and I
think you're right, as I just stated in the other mail, if the company
is dragging its feet, threatening legal action (bluffing) or just
leading the hacker on, then to heck with them, let them know when you're
publishing and then publish! Maybe they'll learn, maybe not, maybe the
next hacker will be better treated, probably not.

Gary B


On 12/13/2013 01:32 PM, Jordon Bedwell wrote:
On Fri, Dec 13, 2013 at 12:15 PM, Gary Baribault <gary () baribault net> wrote:
Of course, all software companies would love for the disclosure to wait
snip
he should be fine after the release (but IANAL).

To add, in cases where people do release security updates even if a
fix is pending it's most of the time not to do with the time line and
more to do with the fact that the entity with the problem is trying
to silence the "hacker" to prevent embarrassment.  At least from what
I've noticed and experienced.



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
