[bobster65]

Quote:

Originally Posted by hambil

I'm more than happy to agree to disagree. However, you didn't just disagree, you accused some coders of having an unprofessional and selfish agenda. And you did it again in this very post:

I assume you have the best interests of the user at heart, even though I don't agree with your solution. Now that, is agreeing to disagree.

You are correct that I accused some coders of having an unprofessional and selfish agenda. This very thread shows the entire community that its an issue.. Maybe it will hit home and they will take some time to rethink about the way they code and care about their code. If they don't, they have no business releasing code to end uers.

I take it since you are so personally consumed with how I feel about this, you are feeling guilty otherwise you wouldn't be responding as such as It wouldn't pertain to you.

I gave 7 recommendations (as requested by the vBorg Staff) that covered End users, Programmers and Vborg Staff and one of them is something that you don't like. Oh well. I highly doubt that vBorg is going to delay notification to end users because they understand the importance of security vulnerabilities and won't put themselves in a compromising position just to benefit the personal agenda of a few unprofessional hackers.

Quote:

Originally Posted by hambil

Immediate notification does not automatically mean the end user is safer. What part of that do you not understand? Jelsoft, and pretty much every company I have ever worked for or wrote security protocols for, does not do this unless the security flaw has already been made public, and is severe. I've already stated the reasons why. I don't care if you disagree with them, feel free. But if you continue to slander me you will regret it, as putting such things in print is illegal.

You are correct Hambil.. Immediate notification does not automatically mean the end user is safer... what immediate action does is give the end user the option to take a course of action that they would not have by delaying the notification. The end user has just as much of a right to know of a vulnerability as the author of the code and its up to the user to decide what is the best course of action to take. You still have not given one good solid professional reason to delay notification.