Quote:
Originally Posted by MegaManXcalibur
I like the idea of bringing new bugs to the attention of the public...
As do I, but only after either (a) the issue has been fixed or, (b) the developer, like Apple, has chosen not to fix it in a reasonable amount of time.
Disclosing vulnerabilities without the chance for a fix just degrades security; it gives potential attackers a known attack vector that will be open on all systems until Apple can release a patch. Also, blaming VLC vulnerabilities on Apple is silly. It just goes to show that this guy wants publicity more than anything.
Quote:
Originally Posted by MegaManXcalibur
But I said the same thing when the month of bugs was going do for Windows as well.
As well you should! I'm all for fairness... this guy's just way out of line with respect to "standard procedure" and common courtesy among security researchers.