by grkvlt
4519 days ago
It certainly isn't tired, and "responsible disclosure" policies are absolutely preferred over any sort of free-for-all distribution and posting of PoC code to the world before the vendor. I think most professional security researchers have always subscribed to the general idea of responsible disclosure of vulnerabilities, even before things like RFPolicy [0] brought the concept to a wider audience. However, by any reasonable definition [1], it is a meme, being a "unit for carrying cultural [...] practices that can be transmitted [...] through writing [or] speech." Remember that memes existed as a concept long before LOLcats and formulaic GIF images with amusing text macros on the Internets...

[0] http://www.wiretrip.net/p/libwhisker.html
[1] https://en.wikipedia.org/wiki/Meme
The problem is that use of the phrase "responsible disclosure" FRAMES anything that does not conform to that narrow definition as "irresponsible disclosure", when in reality it simply is not. (It is not irresponsible to pull a @homakov, for instance.)
It's "framing": a way that use of language shapes our thinking about the world and events therein, sometimes and usually without our explicit conscious consent to such bias.
Please stop using the term. "Advance developer/vendor notification" is a suitable replacement if you wish.