tag:blogger.com,1999:blog-3024470480937744884.post7861077724497011267..comments2024-03-18T04:40:58.042-07:00Comments on Security: Fixing responsible disclosureChris Evanshttp://www.blogger.com/profile/01004765479735675808noreply@blogger.comBlogger2125tag:blogger.com,1999:blog-3024470480937744884.post-46614233613027546302010-07-21T10:25:23.308-07:002010-07-21T10:25:23.308-07:00@c: I don't research mobile devices, but I can...@c: I don't research mobile devices, but I can draw some parallels with open source bugs I've found and reported in e.g. libpng. I'd expect the libpng software team to have a fix within 60 days, but they don't have control over all the places that have decided to embed libpng in software or even devices.Chris Evanshttps://www.blogger.com/profile/01004765479735675808noreply@blogger.comtag:blogger.com,1999:blog-3024470480937744884.post-70002501100532731892010-07-21T07:05:50.106-07:002010-07-21T07:05:50.106-07:00Cool. Does that means that if I report an Android...Cool. Does that means that if I report an Android vuln that it will be patched in an OTA on all affected phones within 60 days?cnoreply@blogger.com