Date: Thu, 18 Jan 2018 17:10:05 +0100 From: Florian Weimer <fweimer@...hat.com> To: oss-security@...ts.openwall.com Subject: How to deal with reporters who don't want their bugs fixed? Subject says it all: What do you do if you receive a vulnerability report, and the reporter requests an embargo at some time in the future because that's when their paper/conference presentation/patent submission is scheduled? The obvious approach is to find a prior public report of essentially the same bug and fix that (which will work surprisingly often), but let's assume that this isn't the case. Thanks, Florian
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ