> This creates a strong incentive for the company to spend resources that they otherwise have no desire to spend on security
Sometimes though, “Responsible Disclosure” or CVD is creating an incentive to silence security issues and long lead times for fixes. Going public fast is arguably more sustainable in the long run as it forces companies and clients to really get their shit together.
Sometimes though, “Responsible Disclosure” or CVD is creating an incentive to silence security issues and long lead times for fixes. Going public fast is arguably more sustainable in the long run as it forces companies and clients to really get their shit together.