Bug Disclosure Policies and the Eternal Discussion about Security ♨

In theory, there is the evolution from bug over to weakness, vulnerability and finally the exploit. Errors in code and application behaviour are interesting for any serious developer. Security researchers also look for bugs and ways to make code do something it wasn’t designed for. In the absence of critical failures in applications, the process of reporting bugs and getting them fixed everything is smooth and less prone to heated discussions (YMMV, some software projects feature persons with very strong opinions). All of this changes when…