"Responsible disclosure" is only responsible if the vendor fixes the bug right away. Otherwise it's making our industry's complacency worse.
Replying to @BRIAN_____
@BRIAN_____ I've been planning a blog post on that for months, arguing for a slightly different interpretation... (1/2)
Replying to @adamcaudill
@BRIAN_____ Responsible disclosure as a term makes a lot of sense, when you see it as disclosing in the way most responsible for users.
Replying to @adamcaudill
@BRIAN_____ As researchers, the first priority should be protecting users - not helping vendors, not fame, but doing what's right for users.
Replying to @adamcaudill
@adamcaudill I'm not a security researcher; I'm normally the vendor. "Responsible disclosure" is good short-term (1 bug), bad long-term.
8:32 AM - 20 Nov 2014