[squidfood]

Anyone can complain about a security vulnerability or so forth. However, in getting it fixed, it is reddit that did it, because the "doing it" was getting the high-profile attention of someone who could fix the problem, which requires a reddit-level audience.

Similarly, if a newspaper publishes something about how a local company hurt a customer, it's the clout of the newspaper that "did it", not the customer.

[bpchaps]

If the information was noticed after being stapled to electrical poles, should Comed be given the credit? Hell no. Just because reddit is where the ack happened, that doesn't mean it was reddit who "did it". It just happened to be the place where it worked. It feels pretty unfair to give reddit the creddit here. It would have been significantly easier to either sell it or ignore it. Fuck both of those options.

FWIW, the disclosure sparked the discussion about a bug bounty program and a strong interest to reorganize their methods of raising security issues. I'm told both will go public, "soon". Whatever that means.

[drzaiusapelord]

>Anyone can complain about a security vulnerability or so forth.

The skillset to find a unknown security issue is rare. The skillset to post to reddit is common. I think you're wrong here. The author deserves the credit, not the site.

>Similarly, if a newspaper publishes something about how a local company hurt a customer, it's the clout of the newspaper that "did it"

Because the reporter is an employee of the newspaper and like all employees is part of the organization, so its easier to credit the organization. How is reddit like a newspaper? They aren't his employer. Its more like publishing something to the classified sections of a paper than being a reporter. It would be crazy to credit the paper for its classifieds.