Valdis, You are teaching me how to behave, outsourcing _your problems_ to me.
Let me suggest you ``responsible people'' fix the problem yourselves.

One approach is to work hard, find the bugs and report them -- in this case you won't depend on people like me. It ain't going to be easy, future versions will bring new bugs.

btw, I wouldn't bother to do this smalltalk, but someone repeatedly spammed about responsible disclosure so I thought other opinions should be heard.

On Tue, Apr 23, 2013 at 12:13:13PM -0400, [email protected] wrote:
> On Tue, 23 Apr 2013 17:51:55 +0300, Georgi Guninski said:
> > Completely disagree.
> >
> > IMHO nobody should bother negotiating with terrorist vendors.
> >
> > Q: What responsibility vendors have?
> > A: Zero. Check their disclaimers.
>
> And disclaimer or no disclaimer, there's a lot of vendors who want to
> Do The Right Thing and fix their stuff to protect their users (if for
> no other reason than the possibility of lost customers if they ignore
> security issues too often).
>
> If you're a black hat, do whatever the heck you want.
>
> If you're a white hat, be responsible and at least try to engage the
> vendor. If you're worried about being stiffed for the credit for the
> find, write the advisory and post the MD5 hash somewhere before contacting
> the vendor. If they respond and work on the problem, the process works.
> If they blow you off, go blackhat and do whatever the heck you want. :)
>
> Now wasn't that easy? :)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
