Date: Fri, 26 Jan 2018 20:15:03 +0100
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Subject: Re: How to deal with reporters who don't want their bugs fixed?

On Fri, Jan 26, 2018 at 05:48:14PM +0000, Mikhail Utin wrote:
> I 100% agree with Solar's response. We should not limit our freedom to choose how we will handle our intellectual property. That is how I read the original statements below.

Oh, so-called "intellectual property". I'm not thinking in such terms.

What I meant is that projects expecting to receive vulnerability reports are not to be obliged by some industry standard to impose any specific rules on the reporters. This does mean that, among other things, those projects do not have to insist on a maximum embargo time (even though I advocate that they do), and as a side-effect this might assist someone probably selfish with monetization of so-called "intellectual property".

Basically, you saw what you wanted to see. Yes, it's kind of there, but it wasn't in focus.

Alexander