Disclosing a vulnerability publicly without any attempt to tell the vendor first is ...
-
I disagree. Even if it’s documented it’s not likely the vendor properly understands the risk. Initial communication with the vendor is not optional in my opinion.
-
I don’t care whether you disagree. It’s my time and my IP. The vendor doesn’t have to understand the risk - he cares about reputational risk while I care about risk to their customers - which the vendor is only partially able to measure.