- Published: 19 April 2015
that devs give us details when they update a security issue. As you will see in our listings, we will only say things like "slideshow, xss, 1.8". A little note like that can save people from having unpatched versions on their system before they see a disclosure; they may then take some time to update, giving hackers a chance to exploit it. It also saves any confusion about what is and what isn't a current VEL item.
That's why we ask people for their alerts as soon as possible, so people know to update, but we don't give hackers the tools to do it. We don't link to PoC pages or anything like that. Some devs also think that hiding the security update in their change log, or saying it is only a small vulnerability, or saying after a page of product glorification that they have patched the script, is responsible disclosure.