2014-01-29 Eric Reed <ere...@mail.nysed.gov>: > Security has, and should be an open arrangement between developers and > the clients for which they develop code. > > This relationship is as follows: > > 1. I detect an exploit in YOUR code. > > 2. I inform you of the exploit along with a proof of concept. > > 3. I give you time to release a patch and notify your clients. (Around > 2 months, give or take)
2 months may not be enough ;-) Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
