After having reported a security-relevant bug about a smartphone, how long would you wait for the vendor to fix it? What are typical times?
I remember telling someone about a security-relevant bug in his library some time ago - he fixed it and published the fixed version within ten minutes. On the other hand, I often see mails on bugtraq or so in which the given dates show that the vendor took maybe a year or so to fix the issue...
pgpSqSsilXsXf.pgp
Description: PGP signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/