by huggah
5030 days ago
What purpose does this serve? In general, I agree with you, because most vulnerabilities can be fixed by the vendor in some reasonable (<6 months) amount of time, and by telling the vendor about the vulnerability beforehand, you help reduce the window where the attack can be easily exploited. This is not such a case; the vendor had no reasonable way of fixing this. Others had probably already discovered (and used) this vulnerability, and in the long term fixing this vulnerability quickly requires motivating the company to do so. Disclosing it privately wouldn't have held much benefit, and might have been detrimental (the company may have tried to use legal means to prevent or penalize the public disclosure).