And what is the insurance in the Linux case, for which the analogy was being made?
Linux was informed properly, and the vuln was not disclosed until 30 days after the kernel was patched.
The real debate here is what went wrong with getting that info downstream, and whose responsibility was that?