Date: Thu, 18 Jan 2018 17:10:05 +0100
From: Florian Weimer <>
Subject: How to deal with reporters who don't want their bugs fixed?

Subject says it all: What do you do if you receive a vulnerability 
report, and the reporter requests an embargo at some time in the future 
because that's when their paper/conference presentation/patent 
submission is scheduled?

The obvious approach is to find a prior public report of essentially the 
same bug and fix that (which will work surprisingly often), but let's 
assume that this isn't the case.

