Most big projects have some kind of coordinated disclosure mechanism for vulnerabilities. I wonder if the solution is to exclude predatory businesses from participating in these programmes. If you buy Foo-as-a-Service from AWS, it’s fine, but be aware that you won’t get security patches until after they’re released to everyone else.