oss-sec mailing list archives
How to deal with reporters who don't want their bugs fixed?
From: Florian Weimer <fweimer () redhat com>
Date: Thu, 18 Jan 2018 17:10:05 +0100
Subject says it all: What do you do if you receive a vulnerability report, and the reporter requests an embargo at some time in the future because that's when their paper/conference presentation/patent submission is scheduled?
The obvious approach is to find a prior public report of essentially the same bug and fix that (which will work surprisingly often), but let's assume that this isn't the case.
Thanks, Florian
Current thread:
- How to deal with reporters who don't want their bugs fixed? Florian Weimer (Jan 18)
- Re: How to deal with reporters who don't want their bugs fixed? Kurt Seifried (Jan 18)
- Re: How to deal with reporters who don't want their bugs fixed? Gynvael Coldwind (Jan 18)
- Re: How to deal with reporters who don't want their bugs fixed? Matthias Fetzer (Jan 18)
- Re: How to deal with reporters who don't want their bugs fixed? Yves-Alexis Perez (Jan 18)
- Re: How to deal with reporters who don't want their bugs fixed? Matthias Fetzer (Jan 18)
- Re: How to deal with reporters who don't want their bugs fixed? Ludovic Courtès (Jan 18)
- Re: How to deal with reporters who don't want their bugs fixed? Rich Felker (Jan 18)
- Re: How to deal with reporters who don't want their bugs fixed? Solar Designer (Jan 18)
- Re: How to deal with reporters who don't want their bugs fixed? Luedtke, Nicholas (Cyber Security) (Jan 18)
- Re: How to deal with reporters who don't want their bugs fixed? Solar Designer (Jan 18)
- Re: How to deal with reporters who don't want their bugs fixed? Nicholas Luedtke (Jan 19)
- Re: How to deal with reporters who don't want their bugs fixed? Luedtke, Nicholas (Cyber Security) (Jan 18)