> Should start-ups or FOSS monitor social media for security reports? Don't they define reporting processes of their own?
If they do have Twitter and other social media accounts for support then I think they should.
The story behind this particular report seems muddled quite a bit and the history of the report is quite weird. Maybe they wanted to have dibs on the report as Apple does not have a bounty program?
> The story behind this particular report seems muddled quite a bit and the history of the report is quite weird.
That's, pretty much, what I'm getting at. Everyone wants to jump on the "Apple's done a shit job with this" bandwagon, which - if you hate Apple - that's your prerogative, but to go from reporting it, to a tweet, to a full drop of the exploit publicly in less than a day from the actual tweet isn't going to end well for any company - no matter who it is.
> Maybe they wanted to have dibs on the report as Apple does not have a bounty program?
That's - ultimately - what I believe happened here.