by scott_w 5191 days ago
I think this raises two issues:

1) It can be difficult to know whether customers are (or could be) affected. Just because the author can't find the case doesn't mean someone else can't.

2) If the company refuses to fix this broken window, they may find other broken windows that aren't worth fixing, which may affect users. By releasing the vulnerability, one can force the company to become more conscious towards security in the long term.