Ed Finkler (of CERIAS) just pointed me to a blog post made by one of his colleagues about reporting vulnerabilities.

The post discusses the risks associated with reporting vulnerabilities, and the conclusions drawn are disappointing but understandable. It's worth a read, and it relates slightly to a discussion Paul Jones and I had last year.

I've seen my share of irresponsible disclosure (and publicity), but it's sad that a basic risk analysis dissuades well-intentioned people from doing the right thing.

Note: You can Digg it.

Chris Shiflett Boulder-based founder, designer, and developer. Co-founder of Studioworks and Schoolcase, and founder of Faculty, a product studio. Writing about building things on the web since 2000. More about Chris →