Security Basics mailing list archives

Re: Unresponsive Vendor


From: Matt Burnett <marukka () mac com>
Date: Fri, 21 Nov 2003 09:56:25 -0600

Thanks for everyone's 2 cents, I never expected such a large amount of
replies. So let me try to reply to everyone in one email, sorry if I missed
a question or comment, just throw something hard/heavy at me and I will
address it. And to all the people who say 'don't consider this
disrespectful', don't worry I haven't, you're entitled to your own opinion. I
have submitted this to the company in the manner their security hotline has
requested. I did include the d0s code along with a statement saying that I
would like to be kept in the loop and that I would release this in 2
weeks/when a patch is released, whichever comes first. I also stated that I
would be willing to delay the release, and did provide my cell phone number.
Why 2 weeks, I must be a jackass!?! Well as I stated before, I've been laid
off for 4.75 months now, and my cable company wants their money and is going
to cut off my service soon. On top of that the Chicago job market isn't that
great, and I don't know when I'll get another job so I can pay my ISP. I am
going to take everyone's advice and call them before release assuming they
haven't released a patch yet, and ask for a status update. If they say soon
then I'll delay release. The product is semi open source (proprietary
license) and I have considered releasing a patch. But upon inspection it
appears that the source code they provide is different than what is actually
in the product, I could be wrong, and I am still inspecting their code.

In response to everyone who has said that I should not expect credit. My
opinion on this issue is that by discovering this bug and reporting it to
them I am doing work for them. I'm not expecting a check but a full
commercial license of the product would be nice, or at the very least they
should give credit.

