View Single Post
Travels via TARDIS
Join Date: Aug 2005
Location: Earthsea
2007-01-02, 23:33

Originally Posted by MegaManXcalibur View Post
I like the idea or bringing new bugs to the attentions of the public...
As do I, but only after either (a) the issue has been fixed or, (b) the developer, like Apple, has chosen not to fix it in a reasonable amount of time.

Disclosing vulnerabilities without the chance for a fix just degrades security; it gives potential attackers a known attack vector that will be open on all systems until Apple can release a patch. Also, blaming VLC vulnerabilities on Apple is silly. It just goes to show that this guy wants publicity more than anything.

Originally Posted by MegaManXcalibur View Post
But I said the same thing when the month of bugs was going do for Windows as well.
As well you should! I'm all for fairness... this guy's just way out of line with respect to "standard procedure" and common courtesy among security researchers.

Apparently I call the cops when I see people litter.