by taviso
829 days ago
The issue here is that the vendor did release patches, but then tried to hide that they fixed a vulnerability. This is usually called "silent patching", and it's controversial. As with any disclosure discussion, there are lots of opinions here and everyone likes to call everyone else irresponsible. If you're pro-silent patching, you might argue that it reduces the number of people who know about a vulnerability, so publishing advisories is irresponsible. If you're anti-silent patching, you might argue that it reveals the vulnerability to the people who monitor patches without giving any warning to the affected users that they need to patch, so not publishing advisories is irresponsible. Maybe you're just a "minimum details" kind of person, and providing full details is irresponsible. Or maybe you're a "full details" kind of person, and restricting security professionals from accessing the information they need to do their jobs is irresponsible. In summary, I'm irresponsible for leaving this comment and you're irresponsible for reading it.