Slashdot Mirror


What is Responsible Disclosure for Security Flaws?

Silverdot writes "In an article on ZDNet, the author brought up a few cases of uneasy relationships between security researchers and software firms. While those who report the bugs should first seek to notify and work with the software firm to resolve the flaw, one researcher commented: "All researchers should follow responsible disclosure guidelines, but if a vendor like Microsoft takes six months to a year to fix a flaw, a researcher has every right to release the details." Should the onus be on the software firm to manage each issue and the relationship well, or does it fall to the morally responsible user?"

1 of 235 comments

  1. Re:"Responsible Disclosure" is a lie by Anonymous Coward · Score: -1, Troll

    Yo, here be be da first post yo, comin at cha from da Trip Bastard Junkie
    Let me raise ma karma, be-atch. Microsoft sucks. Yeah boy that raises da damn karma like my momma raise da roof!
    Peace out- the monkey has to go slap my monkey.
    _________ / RIP bastard Junkie
    And by the way, i play the skin flute and love to smoke pole!