undefined | Better HN

0 pointssillysaurus38y ago0 comments

It's as remotely acceptable as "root" with no password, apparently.

The question is large and complicated, and people can agree to disagree. There's nothing wrong with tweeting vulns: The company is at fault, we can defend ourselves now that we know about the vuln, and it's a big PR disaster for Apple.

A past conversation: https://news.ycombinator.com/item?id=14009937

No, no it's not strictly more ethical. It's not even strictly safer, which should be an even easier question to answer. The baked-in assumption in your logic is that users have no options other than waiting to patch. But, obviously, they do, and keeping vulnerabilities secret deprives them of those options.

0 comments

openasocket8y ago

> The question is large and complicated, and people can agree to disagree

> There's nothing wrong with tweeting vulns

Those two statements seem to be contradictory. It seems to me there is still quite a lot of debate about which disclosure policy is best,

j / k navigate · click thread line to collapse