Heck, the paper would be *improved* by including relevant discussion about vendor responses and fix approaches and indeed many do so.
Replying to @marcan42
Imo don't complain someone is taking fame and reputation as reward for their work unless you're offering some other form of currency
1 reply 0 retweets 0 likes -
Yes it's selfish and self-serving. So what? So is charging for the software I make instead of making it freeware.
1 reply 0 retweets 0 likes -
Replying to @zofrex
There is a significant moral difference between withholding access to software and withholding vuln info, esp. for something this widespread
1 reply 0 retweets 0 likes -
Replying to @marcan42
Why? Withholding vuln info is no different practically to not discovering the vuln at all. And you can't compel people to discover!
1 reply 0 retweets 0 likes -
Replying to @zofrex
It's an effort/reward issue. Disclosing early doesn't cost you anything extra but helps everyone. What was the point of it?
1 reply 0 retweets 0 likes -
You can't compel people to discover but you can damn well ask them to be reasonable once they do.
1 reply 0 retweets 0 likes -
Discovery takes lots of effort. Disclosure takes some effort. Timely disclosure when you're already writing a paper takes negligible effort.
1 reply 0 retweets 0 likes -
Replying to @marcan42
There's quite a large effort gap between "I think I've found something" and confirming, refining, ready to report
1 reply 0 retweets 0 likes -
Jumping the gun and being wrong has high costs to reputation and could be scare-mongering
2 replies 0 retweets 0 likes
He *finished the damn paper then waited two months*. It was done and researched and documented. And then he waited two months.