>If you contact them, you can at least give them time to patch the flaw for software, or time to start producing a new line of locks in this case.
Will I be paid for the effort? Or am I expected to give them information for free when they would never do the same for me? Ethics is a two-way street, and after Superfish (among other issues) I owe this company no ethical obligations.
>If you release it to the world before they're even aware of it, there's a gap where there is absolutely no mitigation whatsoever.
Quite a convenient way to blame me for their security flaw in their product. No, this is solely on them, and as I already pointed out, they have already burned up any professional ethical obligations.