
Comment by tptacek

4 years ago

If you want up-to-the-second research results on Wi-Fi vulnerabilities, you are welcome to start your own research group, generate your own results, and share them however you'd like. You are not entitled to access to other people's results on your own terms.

I'm not a believer in coordinated disclosure and long embargoes (I think P0 does it just about right, though I'd make it 45 days instead of 90). But if I was offered information about a protocol vulnerability under a long embargo, accepted it, and then broke the embargo terms, I wouldn't whine about it next time when I wasn't included. Honestly: I wouldn't whine about it under any circumstances, even if I studiously complied with the embargo. Because we're not entitled to other people's work.

You have mischaracterized the original agreement.

  • I read the email thread, and stsp's comments on Lobsters. I get that there's a grudging agreement on both sides that OpenBSD can't abide by long embargoes, and will simply get notified later in the process when those are expected. That seems like a fine outcome, and not a cause to dunk on a researcher for having a "secret club".

    • Like I said upthread:

      > I think simply pushing back against the length of an embargo should not be characterized as breaking an embargo.

      I didn’t like the “secret club” comment either.
