As a third-party user: I completely concur. NDAs for security bug
access are pretty much standard, aren't they?
- d.
On 26 June 2014 15:08, Tyler Romeo <tylerromeo(a)gmail.com> wrote:
I’ll be frank. I care a lot more about the security of
MediaWiki as a software product,
as well as the security of its customers (both WMF and third-party) than I do about
some made-up notion of “open access” to security bugs.
I think it makes complete sense to have people with access to security bugs sign an
agreement saying they will not release said bugs to the public until they have been
fixed, released, and announced properly.