|
|
|
|
|
|
by tfha
2390 days ago
|
|
|
Acting responsibly as a researcher who has discovered a vulnerability requires delicately balancing a question of two greater evils. Will more people get hurt overall if we announce the vulnerability sooner, or will more people get hurt overall if we wait until the vendor is ready? In most cases, working with the vendor to allow a patch and a warning to be released is the path of least harm. But sometimes the right decision is to announce a vulnerability before the vendor has issued a patch. |
|
|