On 06/26/2014 10:15 AM, David Gerard wrote: > NDAs for security bug > access are pretty much standard, aren't they?
I don't know about "standard" but they are certainly common in cases where said software has a large installed base and early disclosure of a vulnerability would place them at risk without being able to protect themselves. It's not about avoidance of being "transparent" but to give a bit of protection to third parties - note how fixed security issues are moved from security back to their "real" components when being closed. -- Marc _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
