@dcleblanc : It actually gets worse than that - if these idiots start pulling what are basically extortionist tactics (and yes, it is extortion, and is a crime), the whole security research community gets a big, fat ugly reputation.

I have zero problems with full disclosure - especially if the researcher tried to negotiate a reasonable deadline for the bug but the vendor decided to become all recalcitrant.

I do however have problems with extortion, and I'm very sure that the vendors (esp. large vendors) would as well. While Joe Sixpack's little software house wouldn't get much attention over such matters, I'm very sure that the likes of Microsoft could get the FBI/Interpol/whoever to snap-to in very short order. And before the s'kiddies on their first TOR jag start bragging about anonymity, that money has to get to you somehow - and a sting op is very easy to set up by a big vendor, esp. when reasonably large numbers are thrown around.
