responsible disclosure is a myth? (Score 1)
I think everything else you wrote was good, but in the case of disclosing security attack vectors, letting everyone know, or only letting hackers know, before giving the company a chance to fix the security hole results in a great many more hackers using the attack vector than if it had been reported without public disclosure. We have no idea who figured out the attack vector first; the researcher could very possibly be first, or be one of the first, to discover it. Do hackers always share attack vectors with other hackers immediately after finding them?
Security bugs are very different from functionality bugs and should not be compared. Similarly, the disclosure of these bugs should follow different paths.