by gruez 454 days ago
>Finger pointing towards someone who actually found a vulnerability is just bleak. I would not willingly associate with anyone who engaged in such behavior.

Nobody is "finger pointing" Rachel for the vulnerability. They're calling her out for how she communicated it. I feel that's totally justified. For instance, if someone found a critical RCE, but the report was a barely coherent stream of consciousness, it's totally fine to call the latter part out. That's not "finger pointing".

>But it's your job to fix them. Stop complaining.

It's the developers' job to respond to bug reports in the form of vaguely written blog posts?

1 comments

Yeah shame on the people irresponsibly publishing the vulnerability, but the people putting them in? Who cares

>but the people putting them in? Who cares

Literally nobody is arguing this.

But everyone is grilling the author for publishing. Maybe they should sell it next time, no negative reaction that way

>But everyone is grilling the author for publishing

What's the alternative? Having no quality bar for vulnerability reports, and giving no pushback for poorly written vulnerability reports, even if they're crayon scribbles on a napkin? I agree that not everyone can write a detailed and thoroughly researched bug report like the ones Project Zero puts out, but I think most can agree that "you might want to stop using [software]" is well below any reasonable quality bar.

>Maybe they should sell it next time, no negative reaction that way

Yeah I'm sure 0day groups are going to be paying top dollar for weird crashes.