Fix flawed software, don't gag the researcher
If you ran a software company and an independent security researcher contacted you with proof that your product contains security vulnerabilities, how would you react?
Over the past 18 months I have come across three very prominent cases where security researchers have been ignored, gagged and even called terrorists, by vendors.