The late Dan Kaminsky once said (paraphrasing): every vulnerability researcher thinks their bug is the best bug that ever did bug.
I like to see a vendor at least acknowledge bugs and make some kind of a plan. Even if it's "we'll patch it on our next annual release", that's fine.
Lately I've had a slew of vendors who never even confirm bugs, let alone put together any remediation plan. But "we take security very seriously" and all that...