the 90 day disclosure policy is dead
19 points by fro
It feels moderately ironic that this article too smells LLM-written
The 'responsible disclosure' policy was always a polite fiction people told each other. It was always a 'go along to get along' kind of situation. LLM-based vuln discovery tools have just exposed it for what it is.
Finally someone exposed social norms for what they really are. Good riddance
Social norms keep society together. Social norms kept people from being at each other's throats when doing vulnerability research, turning natural opponents into people on the same team. Without those norms, any security research that isn't planned by the team doing the work is an unwelcome surprise and the world is worse off for it.