Hacker News
by gavingmiller 5223 days ago
The straight-up ban is a great short-term solution, but in the long run, being easy to work with on security issues and not alienating your users is a better road. As they stated, this user wasn't malicious, so banning him only causes grief and could turn him from an ally into an enemy.

There was a great post a couple of days back that in effect said: It's not a matter of _if_ your security will be compromised but _when_. By being open to your users disclosing this information you're helping to keep your product secure. IMHO 37signals does a good job of this by linking and giving credit to those that have discovered security flaws in their apps (http://37signals.com/security-response).