I think it’s important for users to know how vulnerable they really are and for providers to have a fire lit under their ass to patch holes. I think it’s standard practice to alert providers to these finds early, but I’m guessing a lot of them already knew about the vulnerabilities and often don’t give a shit.
Compared to airing this dirty laundry I think the alternatives are potentially worse.
Hmm I don’t know… Users usually don’t pay much attention to security. And the disclosure method actively hides it from the user until it no longer matters.
For providers, I understand, but can’t fully agree. I think it’s a misguided culture that creates busy-work at all levels.