- Forum: General Discussion
Proper protocol generally involves notifying the vendor and giving them a reasonable amount of time to distribute a fix. It does not require withholding the exploit until a fix has been distributed. The article states:It's not clear when he notified Apple, but there is ample precedent for releasing details of an exploit when a vendor seems to be sandbagging on a fix. Notably, this has happened to Microsoft in response to IE exploits.