Oracle and "Responsible Disclosure"
2018-11-14 12:46
I've been writing about "responsible disclosure" for over a decade; here's an essay from 2007. Basically, it's a tacit agreement between researchers and software vendors. Researchers agree to withhold their work until software companies fix the vulnerabilities, and software vendors agree not to harass researchers and fix the vulnerabilities quickly. When that agreement breaks down, things go bad quickly. This...
News URL
https://www.schneier.com/blog/archives/2018/11/oracle_and_resp.html