Chris Christoff (chriscct7)
Nacin responded to this comment elsewhere, but 2 years is incorrect. He said (in reference to your comment on this blog):
1) The EFF staffer was not representing the EFF.
2) The issues reported publicly last week have essentially nothing to do with the blog post linked here.
3) The issues reported publicly last week have to do with custom WordPress.com functionality and configuration, and not WordPress core.
4) The full disclosure was well-intentioned. Unfortunately, nuance is a major role when discussing responsible disclosure. I have seen countless “full disclosure” reports that are wrong and invalid, or worse, that the reporter thought was “minor” but in reality is far more complex and deserved greater time. Part of that complexity here is that the issue was with WordPress.com the service, not WordPress the software.
5) I have seen many responsibly disclosed reports that are invalid. Responsible disclosure prevents these from escaping into the public. I’d question any shift to full disclosure by Ry Satterfield specifically because of this.
6) Full disclosure versus responsible disclosure for *software* is a whole different ballgame than what occurred here. It is a lot harder to justify full disclosure when we’re not dealing with a software vendor but with a hosted service.