> I'm the security researcher in question (and author of this post). What a company does when pressured by their customer base and what they do when no pressures exist are two very, very different things
Totally agreed.
> Had I approached them with these vulnerabilities ahead of time, it's highly likely that they would have used their considerable cash reserves to strong-arm me legally into not releasing this data, and the issue would not have been resolved.
I guess we'll never know will we?
Edit: To be fair, I don't have a stake in this either way, and I'm glad the end result is that they're taking the threat seriously.
Totally agreed.
> Had I approached them with these vulnerabilities ahead of time, it's highly likely that they would have used their considerable cash reserves to strong-arm me legally into not releasing this data, and the issue would not have been resolved.
I guess we'll never know will we?
Edit: To be fair, I don't have a stake in this either way, and I'm glad the end result is that they're taking the threat seriously.