I must not have articulated my point properly as it looks like we are both saying the same thing.
What I was trying to convey was that if a person was actually concerned about the "industry" as opposed to self-promotion and ego-substantiation, then they would just notify the vendors and then get on with their lives irrespective of the vendors' ultimate remedy. As you say, there are any number of reasons why a vendor will or won't fix a bug, and/or when they will or won't fix it. The "researcher" will never know the requirements or considerations. In that respect, you have to "trust" the vendor - again, *IF* you are not concerned with self-promotion.

When a vendor fixes a bug, why do people then post details on their find once it is patched? For recognition. I'm not saying there's anything wrong with it - I've done it myself, purely for the reason of getting some acknowledgment. I was just commenting on the "honesty" of Joro's "fuck 'em" comment.

I think any more on the subject will just result in another flare-up of FD vs RD vs FO vs GGF, so I'll probably not spend too much more time on the thread - but please feel free to add whatever you may think I've missed.

t

On 7/8/12 5:07 AM, "Stefan Kanthak" <stefan.kant...@nexgo.de> wrote:

>"Thor (Hammer of God)" <t...@hammerofgod.com> wrote:
>
>| Content-Type: multipart/mixed; boundary="===============0734760750=="
>
>Please stop posting anything but text/plain.
>
>> If you really care about the security of the industry, then submit it and
>> be done with it. If and when they fix it is up to them.
>
>OUCH!?
>The "industry" will (typically) not fix any error if the cost for fixing
>exceeds the loss (or revenue) that this fix creates, including the vendor's
>gain/loss of reputation, gain/loss of stock value, loss of money in court
>cases or due to compensations, loss of (future) sales due to (dis-)satisfied
>customers, ...
>
>Joe Average can't tell the difference between a program which is designed,
>developed, built and maintained according to the state of the art, and some
>piece of crap that is not. He but only sees the (nice or promising) GUI of
>the product and its price tag.
>
>Stefan Kanthak
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/