Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Responsible disclosure (where the vendor is notified first) has proven to be an unmitigated disaster. Vendors simply ignore the vulnerability report as long as possible. The only way vulnerabilities get addresses is when a PoC is created and publicized.

Buyers of exploits (at least those who aren't blackhats/criminal enterprises) generally intend to use them for their security services/applications. They have to have the latest exploits otherwise they can't protect their clients.



Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: