Quote:
Originally Posted by BigJ
No one decides to bypass responsible disclosure (one method is mentioned earlier in Andrew's post) and takes it upon themselves to demonstrate vulnerabilities during competition matches again.
EDIT: whoops, there was a 6th page and at least two people already said relatively the same thing 
|
Starting today it's been 30 days since I sent my first e-mail about this.
6 months is the end of January 2013.
If I follow through with the 6 month process as it stands now I'll be giving the next interloper the perfect window of opportunity for 2013 by publishing in late January. FIRST who might do nothing with the knowledge till then would have little time to react. Worse FIRST will have solidified all their purchases and shipped all the kits of parts.
Suffice it say I'm not thrilled with this. Worse even if I don't point it out then depending on a number of likely factors these exploits will be readily available to any interlopers that we don't know about if they've stumbled on them.
If that's not a house of cards I don't know what is.
So if I publish that information I risk FIRST responding by sanctioning me.
If I don't publish that information who knows if or when it'll get exploited.
For those who get the reference:
'The only way to win is not to play' and unfortunately I don't mean looking for security problem.