Comment Re:Ridiculous (Score 1) 229
It is not the responsibility of a researcher who has discovered a vulnerability in some commercially available system to delay disclosure of the vulnerability until the system's manufacturer has had sufficient time to remedy the situation. The nature of the vulnerability is irrelevant to the question of when, where, and how to disclose. If the details are withheld, there is no public influence on the manufacturer to repair the system. If the details are disclosed, the customers will exert pressure on the manufacturer to make repairs. In the unlikely scenario that someone should use the disclosed details to exploit the vulnerability, the banks' insurance policies will cover the loss, representing a zero loss result to the bank customers. In the less likely scenario that private insurance policies do not cover the loss, the FDIC will cover the loss, up to $100k for each account. No substantial harm will be done. Disclosure benefits the banks and their customers.