oss-sec mailing list archives

Re: How to deal with reporters who don't want their bugs fixed?


From: Ian Zimmerman <itz () very loosely org>
Date: Mon, 22 Jan 2018 11:41:56 -0800

On 2018-01-22 17:20, Mikhail Utin wrote:

>> Keeping it individual without a publicly announced maximum embargo time
>> would also help prevent folks from jumping to 0daying everything per
>> default :)
>
> However, to me it is pure "Security by Obscurity" in a bit different
> wording. It never worked. Simply think that somebody else knows the
> secret and with your help continues using that.

I think you misunderstand the parent post.

Nobody is proposing that the embargo period for any _particular_ issue
be secret.  The proposal in the parent post was to not have a public
general embargo policy for _all_ issues present & future.

-- 
Please don't Cc: me privately on mailing lists and Usenet,
if you also post the followup to the list or newsgroup.
To reply privately _only_ on Usenet, fetch the TXT record for the domain.

