I think that's a lazy argument. Just because Google does one good thing (finding the vulnerability) doesn't make all their actions good. The affected party (in this case Cloudflare) has incentive to handle the situation in a way that's limit the damage to their customers and their customers customers (which are the ones affected). The 'security researchers' (in this case Google) doesn't have that incentive. In many ways they even have the opposite incentive, to disclose while it's still active so they can get larger recognition. The release rules aren't made to limit harm to the world, but to limit harm to Google.
Tavis Ormandy linking to leaked data to settle some personal groll is a pretty good example how much they really care about data leaks. I guess when you've already leaked all your customers data to intelligence agencies around the world while moving it between data centers it's hard to keep any form of standards.
Want to actually argue your idea with any sort of competition I suggest going outside HN.
Tavis Ormandy linking to leaked data to settle some personal groll is a pretty good example how much they really care about data leaks. I guess when you've already leaked all your customers data to intelligence agencies around the world while moving it between data centers it's hard to keep any form of standards.
Want to actually argue your idea with any sort of competition I suggest going outside HN.