The only reason someone might want to warn people in danger is their own personal fame? Maybe you need to do some self-examination here. Vulnerability disclosure is hard, frustrating and thankless work, literally nobody is in it for the fame.
Replying to @taviso @alexstamos and
If you can't even bother to give them even 24 hours to fix a security issue before disclosing it publicly, well yes, I don't believe you are doing the users of that software a favour. It doesn't take much introspection to realise that...
2 replies 0 retweets 1 like -
Replying to @JeroenJacobs79 @alexstamos and
You'll have to walk me through your thought process. When I see someone in danger, my first thought is to warn them. Your first thought is keep it quiet and leave everyone at risk... for what reason, to protect the vendor's business interests?
1 reply 0 retweets 2 likes -
Replying to @taviso @alexstamos and
End-users can't fix it themselves, they are at the mercy of the vendor. At least give them the time to issue an update and inform users to install the update. That's my thought process.
1 reply 0 retweets 0 likes -
Replying to @JeroenJacobs79 @taviso and
What do you expect users to do? You think they will suddenly uninstall their primary business communication tool and switch to a competitor in a few hours?
1 reply 0 retweets 0 likes -
Replying to @JeroenJacobs79 @taviso and
Tell me, why does Google have a 90-day disclosure policy before they release vulnerabilities in public? What's the thought process behind that?
1 reply 0 retweets 0 likes -
Replying to @JeroenJacobs79 @alexstamos and
You need to calm down and think it through. People are vulnerable for a short window during installation, if you've already installed then you were either already compromised or not - no fix can change that. If you haven't installed obviously you can *wait* for a fixed installer.
1 reply 0 retweets 1 like -
Replying to @taviso @alexstamos and
Doesn't change the fact this causes panic for end-users without giving the vendor a chance to communicate this to their users. Especially at a moment where remote work is required, and not an option.
1 reply 0 retweets 0 likes -
Replying to @JeroenJacobs79 @alexstamos and
Think the attack through. The *only* people this affects are people who are *not* users yet. You're saying don't warn them, just put them at risk, we must protect the vendor? Most people want to hear about design flaws in the products we use, you're in the minority here.
2 replies 0 retweets 3 likes -
Replying to @taviso @alexstamos and
I'm saying it should not have been reported, I say giving them just a little time to issue a fix and proper communication wouldn't have been so much to ask. I don't care if I am in the minority for having that opinion.
3 replies 0 retweets 0 likes
Right, you're saying it's okay to put people at risk for a "little time", because it will help the vendor and anyone who doesn't is a narcissist. I'm saying I think it's important to not put people at risk, and the vendor (a $35B company) can take care of themselves.