| ▲ | selectively 6 hours ago |
| Those norms do not exist. Those are people asking companies to do stuff to benefit the person complaining for free, and many companies will not do that. |
|
| ▲ | _yttw 5 hours ago | parent [-] |
| It seems to me you're unaware of them, but there are strong norms around disclosure. They've been discussed for decades. It is the expectation that vendors would be notified in a scenario like this. |
| |
| ▲ | selectively 5 hours ago | parent [-] | | No, there are users who want those to be norms. Qualified researchers happily sell substantive vulns to people who pay (Governments/Cellebrite and companies like that) enough to quell any complaint. | | |
| ▲ | _yttw 5 hours ago | parent [-] | | Which is again, irrelevant to the question of how disclosure works and what expectations there are around it because that is not disclosure and is not what was being discussed. |
|
|
