Responsible Disclosure Debate

The cluster centers on debates about responsible disclosure practices for security vulnerabilities, including their ethics, necessity, and definitions, and whether public announcements before patches aid or harm security.

➡️ Stable 0.9x Security
Comments: 4,628
Years Active: 19
Top Authors: 5
Topic ID: #9368

Activity Over Time

2008: 14
2009: 41
2010: 66
2011: 164
2012: 214
2013: 225
2014: 260
2015: 257
2016: 317
2017: 436
2018: 426
2019: 379
2020: 264
2021: 333
2022: 247
2023: 247
2024: 293
2025: 436
2026: 9

Keywords

e.g IMO AmEx bugcrowd.com CVD ycombinator.com TechCrunch RSA IP disclosure responsible security vulnerability vulnerabilities disclose disclosing public security vulnerabilities ethical

Sample Comments

pmx Oct 7, 2020

The right thing to do is follow Responsible Disclosure https://www.bugcrowd.com/resource/what-is-responsible-disclo...

kossae Aug 12, 2019

How is disclosing critical security vulnerabilities responsibly a bad thing, again?

largbae Nov 1, 2025

Would this not defeat the purpose of responsible disclosure? As a bad actor I could learn of secret vulnerabilities from this channel.

contras1970 Jan 1, 2018

that would have been a withholder, not disclosure. you need to disclose the vulnerability to those who are vulnerable for it to be disclosure, and nothing else is responsible.

jlgreco Jun 14, 2013

Further evidence that "responsible disclosure" is not responsible.

yjftsjthsd-h Oct 31, 2021

What ethical issue do you see? What is there to responsibly disclose? Software vendors do this on purpose; they don't need notification.

jackgavigan Dec 31, 2016

Is responsible disclosure not a thing anymore?

nraynaud Sep 10, 2013

isn't this kind of stuff subject to responsible disclosure?

chinathrow Feb 28, 2016

Responsible disclosure, anyone?

fffggg May 24, 2012

Responsible disclosure exists in order to allow an obscure, previously undiscovered bug to be patched before others know about it. The idea is that no one else is likely to discover the issue while it is repaired.

This is not an obscure bug. This is obvious -- very obvious. Many people will have discovered this already. Furthermore this is a pre-release product.

There is nothing to be gained by not talking about it.