Hacker News new | past | comments | ask | show | jobs | submit login

Yes – I even got a nice email from someone apologizing about that and explaining that they were trying to get the security@apple.com people to at least forward messages when I did a full disclosure release after not receiving a response.



> they were trying to get the security@apple.com people to at least forward messages when I did a full disclosure release after not receiving a response

That sounds a bit dysfunctional on Apple's part that they can't exert that kind of control over their own employees for an issue with potentially enormously negative consequences.


That sounds a bit dysfunctional on Apple's part that they can't exert that kind of control over their own employees for an issue with potentially enormously negative consequences.

I'm not saying it isn't dysfunctional, but it sounds like every single large company I've ever worked with or for.

Especially when "security" is provided by a third-party security company.


This was awhile back in the unverified TLS certificate era so I'm assuming they got more serious about it.


Great to hear they are paying good attention to the concerns sent lately.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: