Thomas H. Ptacek · Nov 28, 2017 · 8:45 PM UTC

Thomas H. Ptacek @tqbf

28 Nov 2017

People who never, ever report vulnerabilities have the most interesting opinions about how people should report vulnerabilities.

118

519

Tavis Ormandy · Nov 28, 2017 · 11:05 PM UTC

Tavis Ormandy @taviso

28 Nov 2017

They also wanted full disclosure to be called "information anarchy", at least that one didn't stick.

Name_Too_Long · Nov 28, 2017 · 11:59 PM UTC

Name_Too_Long @Name_Too_Long

28 Nov 2017

I sort of like that better. "Full disclosure" sounds boring and corporate-y; "Information Anarchy" sounds fun and exiting!

Stefan Tilkov · Nov 30, 2017 · 10:08 PM UTC

Stefan Tilkov · Nov 30, 2017 · 10:08 PM UTC

Stefan Tilkov @stilkov

30 Nov 2017

Unsure what your suggestion is. Change the name of the practice? Or don’t report to the vendor first?

Nov 30, 2017 · 10:08 PM UTC