upvote

points

by bathtub36511 hours ago |
comments
upvoteby zamalek11 hours ago|
[-]
Yes, and that's why we have the responsible disclosure protocol. It wasn't correctly followed here.
reply
upvoteby tptacek9 hours ago|
parent|
next
[-]
There is no such thing as "the responsible disclosure protocol". There's really no such thing as "responsible disclosure" at all, but "the responsible disclosure protocol" is a term I have literally never heard before. (I've been a vulnerability researcher since the mid-1990s, for what it's worth.)
reply
upvoteby zamalek5 hours ago|
parent|
[-]
https://en.wikipedia.org/wiki/Coordinated_vulnerability_disc...

> In computer security, coordinated vulnerability disclosure (CVD, sometimes known as responsible disclosure)

I guess you can learn something new after 36 years.

If you are referring to what you quoted, your pedantry and sharpshooting would result in an incomplete English sentence: "that's why we have the responsible disclosure" is missing a noun. Now that we are firmly in worthless pedantry:

Protocol (n):

1.a. a system of rules that explain the correct conduct and procedures to be followed in formal situations

1.b. a set of conventions governing the treatment and especially the formatting of data in an electronic communications system

If you don't like what I said or disagree, poke holes in factual inaccuracies. However, in the reality that I am pretty sure we all share, responsible disclosure is a well established protocol that is followed by many security researchers, and was imperfectly followed here.

reply
upvoteby john_strinlai34 minutes ago|
parent|
next
[-]
this is a crazy snarky response, on top of being incorrect. quite the combo.
reply
upvoteby voxic111 hours ago|
parent|
prev|
[-]
What rules were not followed here?
reply
upvoteby Scharkenberg6 hours ago|
parent|
prev|
[-]
Which part was not correctly followed?
reply