Posted by Fyodor on Mar 14

Yeah, the general FD list policy is to reject requests for vendor contacts
unless they also include full disclosure of the bug details:

https://secwiki.org/w/FD_Moderation#Requests_for_vendor_security_contacts

It’s not that there is anything wrong with the more limited disclosure and
vendor pre-disclosure approaches, but those aren’t full disclosure and so
probably belong on a different list. This post must have slipped by one of
the…