Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: How much time is appropriate for fixing a bug?

From: Georgi Guninski <guninski () guninski com>
Date: Fri, 6 Jul 2012 17:33:26 +0300
On Wed, Jul 04, 2012 at 10:49:18PM +0200, Jann Horn wrote:

After having reported a security-relevant bug about a smartphone, how long would
you wait for the vendor to fix it? What are typical times?

I remember telling someone about a security-relevant bug in his library some time
ago - he fixed it and published the fixed version within ten minutes. On the
other hand, I often see mails on bugtraq or so in which the given dates show that
the vendor took maybe a year or so to fix the issue...





when i was young i asked a similar question.

if you ask me now, the short answer is "fuck them, if you are
killing a bug the time is completely up to you." 
responsible disclosure is just a buzzword (the RFC on
it failed).

you have bugs, they don't have.

-- 
good luck

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: