
That's exactly how responsible disclosure works. You wait until after the patch, then you do the blog post. In that order.

Publishing early just damages your relationship with the company, the community, and makes it more well known that you _don't_ have good intentions.




In this case the next time the vulnerability will be available is with the release of the next upgrade, expected around March.


Insiders see this style of Upgrade on a regular basis (with each new major Insider Build). Microsoft just made a big blog post about a new system for this style of Upgrade (the "Universal Patch Platform") and has asked Insiders to keep an eye out on it. A White Hat attempting responsible disclosure could at least check on Insider Builds and attempt to provide feedback on the new platform through official channels.


The last Insider Fast build was 2 weeks ago. Maybe MSFT is holding the next one back until they fix this...?



