Brian Krebs has published an interesting interview on his KrebsOnSecurity blog with Evgeny Legerov, the founder of Russian security firm Intevydis.
In the interview Legerov reveals that he plans to take the controversial step of releasing details of previously undocumented zero-day vulnerabilities in several widely-used software products, as he is fed up with software vendors not taking the security holes seriously:
“After working with the vendors long enough, we’ve come to conclusion that, to put it simply, it is a waste of time. Now, we do not contact with vendors and do not support so-called ‘responsible disclosure’ policy,” Legerov said. For example, he said, “there will be published two years old Realplayer vulnerability soon, which we handled in a responsible way [and] contacted with a vendor.”
Read more in my article on the Naked Security website.