| ▲ | SCHiM 5 hours ago | |||||||
Microsoft's policy is: "if you contact us with a vulnerability, you automatically agree to the terms of our responsible disclosure policy", which includes waiting 30 days after patch was created, and says nothing about how long that process takes. There is actually no way to give them a friendly heads up, and then do your own thing. The only way not to be bound is by not sending them any notification at all... | ||||||||
| ▲ | prmoustache 2 hours ago | parent | next [-] | |||||||
Since no contract is signed, this is just pure fantasy from your part. | ||||||||
| ▲ | leni536 4 hours ago | parent | prev [-] | |||||||
I wonder if "if you contact us... you automatically agree" stands in court. That's just ridiculous. | ||||||||
| ||||||||