
I agree about responsible disclosure, but that problem had many facets, and I was rather trying to point out the Rails problem, sadly, using the GitHub hole.



It's a fine line sometimes. I think your commit is mostly defensible. It's really an open question. What do you do when you point out a serious security issue and it doesn't get the attention it deserves? I think your commit definitely proved that the issue was being downplayed far too much. Is there some better middle ground? If proving a vulnerability results in it getting fixed overnight and merely describing it results in it getting fixed never, then what's the right course of action?



