
Yes, because a company at #109 on the Fortune 500 shouldn't bother spending money on 24/7 infosec.

"Responsible disclosure" is simply a meme to reframe "instant full disclosure" as irresponsible, which is dishonest.

Do you think journalists sit on the final results of corporate negligence investigations while giving the guilty parties time to clean up their act?

Look at this bug, in particular. This is not about this bug; this is about basic negligence. It would have been completely appropriate to blog about this on day zero of discovery. This is not about "time to patch", this is about "time to convince the widest number of people that you should never trust McDonalds with your data".




> Do you think journalists sit on the final results of corporate negligence investigations while giving the guilty parties time to clean up their act?

I've worked at a newspaper. Your framing of the question is deliberately silly - they'd sit on it to prevent innocents from being harmed, not to protect the guilty.

Once it's fixed (or after a reasonable amount of time not getting fixed), then they happily nail the guilty people to the wall.



