|
|
|
|
|
|
by fauigerzigerk
4934 days ago
|
|
|
I think vendors should have a policy for dealing with security vulnerabilities. The policy should say how much time they will take to fix it and how they will give credit those who found the issue. If a vendor does not have such a policy or is found to have violated it, I would go for immediate full disclosure. |
|
|