by rdtsc 5192 days ago
> I'm all for disclosure of a newly found exploit because by doing so you are informing everyone who might have the problem and that allows them to take action

You also assume that it is the company that will suffer and they are the ones that have to take action. A lot of companies are public-facing companies that store and maintain sensitive customer information. I thought the main reason to disclose the research is not to help the company not lose millions at the end of the quarter but to warn their customers that this company can potentially leak your information.

> It's like publishing a list of buildings that don't have good door locks or something.

It is like publishing a list of buildings that store others' belongings (like a bank) that don't have locks on them. You want to disclose that fact because chances are someone else found the vulnerability and is exploiting it. It would actually seem very irresponsible to not disclose it in that case (after, say, it turns out many people's stuff goes missing).