[VIM] Responsible Disclosure Article
Steven M. Christey
coley at linus.mitre.org
Thu Sep 28 14:37:29 EDT 2006
On Sat, 16 Sep 2006, security curmudgeon wrote:
> I noticed a year or two ago that some of the big vendors (I think it was
> 'Real' originally) were reporting multiple researchers discovered an issue
> in the advisory. This made me wonder how often that occurred, where
> multiple creditees were recognized for a big issue.
Like you, I don't have stats, but this does seem to happen more
frequently. Probably a combination of an increase in the number of
researchers as well as improvements in tools and techniques?
> If two researchers (or more) can find the same bug, and both can sit on
> it for months at a time.. then we would be stupid to believe it stopped
> there.
Agreed. And all the recent zero-days show that people ARE looking and
finding things that the public research community hasn't.
- Steve