When legitimate security researchers notify technology vendors about security flaws in their technology, the best thing that the vendor can do is to welcome the information with open arms. When a vendor reacts with hostility it appears as if the vendor is attempting quash the security research instead of resolving the vulnerabilities identified by the research. While the hostile reaction is usually an attempt to “save face” it usually does the opposite and sends a dangerous false message to the vendors customers. That message is “We care more about saving face than we do about your security.” On the other hand… Vendors that work with security researchers in a positive and friendly manner send the message that they “care about the security of their customers”. This Forbes article contains key examples of “Software Bug Blowups“, in fact, it even covers the SNOsoft + HP + DMCA fiasco that happened back in early 2000.
