Valve says turning away researcher reporting Steam vulnerability was a mistake (opens in new tab)

(arstechnica.com)

47 pointsulysses6y ago12 comments

12 comments

Shady thing happens -> Lucky enough for issue to go viral -> Company makes an apology mainly bragging about how much they've paid out on H1 and playing some blame game.

Count me not surprised.

A company that goes out of their way to dispute the CVE, to turn around a day after a PR firestorm, is not actually turning around. They are saving face.

manfredo6y ago

Or, the systems in place didn't work as intended and Valve took steps to rectify that. Sure it'd be better to get it right from the start, but people and organizations are fallible and the best thing to do is to make things right when they do fall.

ziddoap6y ago

This is not Valve's first time at the rodeo, and they aren't a small indie company learning the ropes.

The apology was loaded with blame shifting and bragging about previous H1 payments, neither of these lead me to be more lenient with Valve.

The hacker is still banned from submitting bugs, for god's sake. Nor has he heard from Valve.

Edit: They even disputed the CVE, manually, removing any doubt that this wasnt an oopsie caused by a system.

1 more reply

devwastaken6y ago

Valves been on the down for years. Last minute chat app trying to mimic discord/curse, and introducing laughable vulnerabilities. VR gear more expensive and less relevant than competitors, no advancement on the tech that worked (steam controller, steam streaming box). Better mods through other sites and curse client. No more valve games, holding onto a dead engine.

Valve is coasting on prior success. If discord or curse was done better steams market share would nosedive.

This is one of many mistakes that happen when you dont compete and innovate.

tehwebguy6y ago

Curse & Discord wouldn’t even exist if Steam had evolved properly. They had game store + friends list + chat integrated like 15 years ago, big miss IMO.

tracker16y ago

Well, maybe future serious bugs in valve/steam software should just go to open/public disclosure until they've actually paid out for the two bugs they denied previously.

j / k navigate · click thread line to collapse

12 comments

ziddoap6y ago

Shady thing happens -> Lucky enough for issue to go viral -> Company makes an apology mainly bragging about how much they've paid out on H1 and playing some blame game.

Count me not surprised.

A company that goes out of their way to dispute the CVE, to turn around a day after a PR firestorm, is not actually turning around. They are saving face.

manfredo6y ago

ziddoap6y ago

This is not Valve's first time at the rodeo, and they aren't a small indie company learning the ropes.

The apology was loaded with blame shifting and bragging about previous H1 payments, neither of these lead me to be more lenient with Valve.

The hacker is still banned from submitting bugs, for god's sake. Nor has he heard from Valve.

Edit: They even disputed the CVE, manually, removing any doubt that this wasnt an oopsie caused by a system.

1 more reply

devwastaken6y ago

Valve is coasting on prior success. If discord or curse was done better steams market share would nosedive.

This is one of many mistakes that happen when you dont compete and innovate.

tehwebguy6y ago

Curse & Discord wouldn’t even exist if Steam had evolved properly. They had game store + friends list + chat integrated like 15 years ago, big miss IMO.

tracker16y ago

Well, maybe future serious bugs in valve/steam software should just go to open/public disclosure until they've actually paid out for the two bugs they denied previously.

j / k navigate · click thread line to collapse