When you say 'security updates' I assume you mean publish the bug, and I think you're right, as I just stated in the other mail, if the company is dragging its feet, threatening legal action (bluffing) or just leading the hacker on, then to heck with them, let them know when you're publishing and then publish! Maybe they'll learn, maybe not, maybe the next hacker will be better treated, probably not.

Gary B

On 12/13/2013 01:32 PM, Jordon Bedwell wrote:
> On Fri, Dec 13, 2013 at 12:15 PM, Gary Baribault <[email protected]> wrote:
>> Of course, all software companies would love for the disclosure to wait
snip
>> he should be fine after the release (but IANAL).
>
> To add, in cases where people do release security updates even if a
> fix is pending it's most of the time not to do with the time line and
> more to do with the fact that the entity with the problem are trying
> to silence the "hacker" to prevent embarrassment. At least from what
> I've noticed and experienced.
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
