
Management that knowingly chooses to ignore a major issue should be charged with criminal negligence. The creation of the bug is a common and difficult-to-avoid mistake. But once it has been found, choosing not to change it despite being warned of the consequences makes you responsible for those consequences.


So if I send an email "Fix all your bugs or else bad stuff will happen", and if they don't fix all their bugs, now I can put their devs in jail?


Don't be obtuse. That is obviously not a genuine bug/vuln disclosure.


And you decide what is genuine?

Sorry, this whole thread is a fantasy of nerds thinking they can create a punitive policy for behavior they don't like. But there is no actual substantive framework under which any of these fantasies can come true.



