Quote:
Originally Posted by Andrew Schreiber
You took the number 6 months entirely too seriously. I quite literally pulled that number out of thin air just to let people know that 2 weeks is NOT an appropriate period of time. Obviously publishing just before another round of competitions might not be good. But I was assuming that if a person is intelligent enough to discover the vulnerability and to not be retarded about how to expose it they would have SOME common sense. I guess that's asking too much from people though.
|
Common sense is anything but. After all so many wish so many others had it.
This is a situation in which you have on one hand a vulnerability and a certain set of skills, resources and knowledge to outline it.
The other you have an organization pushed to the limits exposed to that vulnerability and perhaps not inclined to deal with it.
There's no reason...literally at all...to expect that I or any other researcher have the ability to influence FIRST corporate. That's the point.
The implied threat of exposure is a weak threat with FIRST because FIRST is a corporation with hundreds of thousands of kids impacted by it. You're not just costing their corporate bottom line or reputation. As all of these similar topic represent you're messing with the kids and it's not one step removed like disclosing some banking data.
Unfortunately this matters. There are too many disclosures I'm aware of and the costs on the other side of that big stick are too great.