- From: Philippe Le Hégaret <plh@w3.org>
- Date: Tue, 28 Feb 2017 16:17:31 -0500
- To: Rich Kulawiec <rsk@gsp.org>
- Cc: public-security-disclosure@w3.org

On 2/28/2017 1:58 PM, Rich Kulawiec wrote:
> Conclusions:
>
> The best disclosure is full disclosure. Assume that worthy adversaries
> already know all the details (or will know VERY soon) and that those
> with sufficient resources and motivation have already acted (or will
> act VERY soon). This accurately reflects contemporary reality.

I don't think the draft is disagreeing with this statement. It proposes a time period "(usually not to exceed 90 days)" before full disclosure can be published, attempting to find a balance between existing regulations and researchers' needs.

> The best move for the W3C, the thing that best serves the needs of
> the billions of Internet users out there, is to drop this proposal:
> "responsible disclosure" isn't responsible.

It is actually meant as a coordinated disclosure template. It doesn't use the term "responsible disclosure" and doesn't attempt to push to shift responsibilities around.

Philippe

Received on Tuesday, 28 February 2017 21:17:41 UTC