Hacker News

That is one hypothetical scenario, yes. Another hypothetical scenario is that as a result of responsible disclosure the site owners patch the hole and ensure customer data isn't publicly accessible before the vulnerability is public knowledge.

Seems reckless to me to not even _try_ responsible disclosure. You don't have to wait a year. But at least give a chance for the problem to be solved before you make it common knowledge.




Did I say hypothetically? Sorry, I meant to say exactly as happened [1]

:)

[1] https://news.ycombinator.com/item?id=40169334


Right, so that’s a dataset of 1. Are you suggesting responsible disclosure never works because of your one-time experience?


Of course not. I agree that responsible disclosure works perhaps 10% of the time.

It's the 90% of the time, when it doesn't work, that's the problem.



