
Yes, I would, but I'd follow the standard responsible disclosure rules that are fairly commonplace. As far as the information that's been presented makes out, there was no responsible disclosure. In fact, weev attempted to say they were going down that route whilst at the same time discussing on IRC how they could use the information for fairly black hat purposes.

I think the industry basically needs to take the informal responsible disclosure rules and try and get them made a bit more formal, for everyone's benefit.




One of the ongoing issues in the security industry is that there is no standardized form of disclosure. There are frameworks that have been put together, but only some companies embrace them. Other companies are openly hostile towards any solution that doesn't leave the power entirely in their own hands. Basically, many large companies feel that the public should remain uninformed, which then leaves the company free to keep producing insecure software.


Which is why I think there should be some attempt at a formal body; the EFF is in the right place to spearhead an attempt at implementing something along those lines.


This might be a good idea, but I surely hope that whenever a formal body is created, that it isn't a government entity.



