[grayhatter]

Did you not consider the CEO would just lie about fixing something?

[tptacek]

I assume the author isn't lying when they acknowledged that it had been.

[grayhatter]

I'm lost, what are you referring to? The author references the claim by the CEO, and then goes on to prove it was a lie.

That's a very common linguistical pattern.

[tptacek]

The email that the author sends to the CEO, in which his rationale for immediate disclosure is the fact that the database was fixed.

[grayhatter]

To which the CEO was rude and dismissive and threatening. Which is often a sign of having something to hide. I assume the author decided to then verify if the threats were made from a position of strength or weakness.

I read his email as a polite gesture, giving them a chance to request more time. I'm still confused as to what parts you're missing. Are you trying to imply something, or do you really not understand that people can lie and withhold information?

[sevg]

Did you miss this bit from the article:

> The email was read by someone, I assume the CEO, and less than an hour after it was sent, I could not connect to the exposed server anymore.

This was after the author’s first email, and before the CEOs reply.

What tptacek was getting at is that the article is a bit unclear on when the review of DB contents occurred, since the author no longer had access. (But I think it’s just because the author reviewed the contents already before they reported the issue.)