Mozilla’s thoughts about responsible disclosure

According to article Mozilla’s security chief Window Snyder states that

“The researcher has all the power. They control when they disclose it, and they control the idea whether or not the vendor responds in time.”

Very interesting reading.

  • Sid

    I’m not looking to start a debate about various disclosure techniques, but have a read of this:
    I think if you clarely stated you’re following the policy stated in that file in your initial contact with the vendor (or even in every contact) then you’re on solid ground from the start.