> At what point in time did you try contacting any of the vendors for > these issues? the vendors of the affected softwares have not been contacted. > How do you propose a manufacturer fix an issue? in the security field a public vulnerability is a dead vulnerability, anyone who has found and released at least one security bug in his life knows it and knows to what I refer. 90% of the job of fixing a bug is just finding it first, I have even showed the details, the causes and the ways to replicate them. > Where in any of your advisories did you take the time to let a company > know: "hey you guys have some potential issues, here they are!!!" I have done it in the exact moment that I have uploaded my advisories on my website making anyone aware of the problems, included the same vendors that now can fix them. --- Luigi Auriemma http://aluigi.org
