It's standard practice for a security researcher who finds holes in software to privately inform the software vendor before making the flaw known to the public.
How much time should elapse between the two events is debatable, but a Google researcher has recently come under fire for giving Microsoft just four days' notice about a flaw, then releasing a proof-of-concept exploit.