@BRIAN_____ the term is out of favor: implies burden is on the discloser, obscures vendor's responsibility. "Coordinated" disclosure?
-
-
-
@dveditz Mozilla seems better than most regarding "coordinated" vs. "responsible." I think "coordinated" is too positive for what's typical.
End of conversation
New conversation -
-
-
@BRIAN_____ I've been planning a blog post on that for months, arguing for a slightly different interpretation... (1/2) -
@BRIAN_____ Responsible disclosure as a term makes a lot of sense, when you see it as disclosing in the way most responsible for users. -
@BRIAN_____ As researchers, the first priority should be protecting users - not helping vendors, not fame, but doing what's right for users. -
@adamcaudill I'm not a security researcher; I'm normally the vendor. "Responsible disclosure" is good short-term (1 bug), bad long-term.
End of conversation
New conversation -
-
-
@BRIAN_____@munin so what do you suggest it the vendor fails to take action? In what timeline?Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.