
What is the threshold where you do decide to release the bug description?

Microsoft has sat on bugs for years, saying they were working on them. Do you disclose after a week? A month? A year?

If it were a company or team with a solid history of patching swiftly I could see trusting them. But this is Microsoft, they have the resources to fix bugs. They chose an OS design that sacrificed security for other things. Worst, they chose to betray trust in the past. Someday Microsoft might earn that trust back, but they are a long way off from earning mine.

If I informed them of the bug and it wasn't fixed in the next patch, then I would need solid evidence they are working on it or I release the exploit. If it were a group I trusted I would follow up several times until I lost faith in them.



