We are all Narcissistic Vulnerability Pimps

Oh Verizon… This morning I woke up to read “Redefining Security Researcher” from the “Verizon Security Blog”. While choking with laughter, I remembered all the unfortunate events of the past 2 months that have resulted from “Responsible Vulnerability Disclosure”.

  • One little pimp was sued.
  • Two little pimps were laughed at.
  • Most other little pimps were ignored.

While we strongly believe in Responsible Disclosure, we no longer wait month after month for the vendor to react (or even respond). We tell them about it, inform them that a PoC will be made public in X weeks, and the rest is up to them. And guess what, it seems to work great. So, my suggestion – let’s redefine the “Verizon Security Blog”, and from now on, we can just call it the “Verizon Blog”.