by underlogic
685 days ago
I don't get this responsible disclosure. Responsible to whom exactly? It takes leverage from security researchers who have risked their valuable time. Now the companies with lax security can dictate their pay, if any, through bounties while threatening them not to discuss their findings. It's corrupt.

Unsuspecting users.
When you don’t give companies a chance to fix a vulnerability that could have serious consequences for users, you’re effectively putting the users in harm’s way by disclosing it to the public. Bad actors will take advantage of that information very quickly. Nothing good comes out of that.
Whether you like the company or not, remember that the users have no idea they’re at risk.