by tlo
3978 days ago
I recently reported a security issue to a quite popular open source project (which has at least some company support). The fix is ready, but because of coordinating other security fixes into one big release it is, after almost 2 months, still not released. I wonder if this is normal? What else can you do? Full disclosure?
> [W]ithout the threat of full disclosure, responsible disclosure would not work, and vendors would go back to ignoring security vulnerabilities.
https://www.schneier.com/blog/archives/2012/06/on_securing_p...