Several times each week, the Internet Storm Center is requested to broker between parties who have found vulnerabilities, and the corresponding vendors of the software or services affected. While we're always happy to assist, the reason for our involvement has much less to do with animosity between both parties than with the availability of either one of them. Many accidental finders of a security problem bump into issues when trying to report it to the vendor of the software or service. The last thing someone reporting an issue wishes to do is to spend twenty minutes logging a support case, only to be halted when they are requested for a serial number. There are situations in which a non-direct client may have become aware of a security issue in your product. Even in that case, you *really* want to know. |
Maarten 158 Posts Aug 2nd 2008 |
Thread locked Subscribe |
Aug 2nd 2008 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!