by ziddoap
835 days ago

You can read their actual disclosure policy here: https://www.rapid7.com/security/disclosure/ They do not -- and the industry as a whole does not -- claim that the best practice is to immediately reveal a vulnerability regardless of a patch.

> Rapid7 says it reported the two TeamCity vulnerabilities in mid-February, claiming JetBrains soon after suggested releasing patches for the flaws before publicly disclosing them.
> Such a move is typically seen as a no-no by the infosec community, which favors transparency, but there's apparently a time and a place for these things.