oss-sec mailing list archives

Re: How to deal with reporters who don't want their bugs fixed?


From: Solar Designer <solar () openwall com>
Date: Fri, 26 Jan 2018 20:15:03 +0100

On Fri, Jan 26, 2018 at 05:48:14PM +0000, Mikhail Utin wrote:
> I 100% agree with Solar's response. We should not limit our freedom to choose how we will handle our intellectual
> property. That is how I read the original statements below.

Oh, so-called "intellectual property".  I'm not thinking in such terms.

What I meant is that projects expecting to receive vulnerability reports
are not to be obliged by some industry standard to impose any specific
rules on the reporters.  This does mean that, among other things, those
projects do not have to insist on a maximum embargo time (even though I
advocate that they do), and as a side-effect this might assist someone
probably selfish with monetization of so-called "intellectual property".

Basically, you saw what you wanted to see.  Yes, it's kind of there, but
it wasn't in focus.

Alexander
