
Walk a mile in Egor’s shoes - bradleyland
http://www.bradlanders.com/2012/03/05/walk-a-mile-in-egors-shoes/
======
jnazario
a couple of things. first, egor's actions are a good example of the "full
disclosure" debate that's been around for a long, long time. some pointers:

<http://www.schneier.com/crypto-gram-0111.html>

<http://www.schneier.com/blog/archives/2007/01/debating_full_d.html>

<http://www.schneier.com/blog/archives/2011/12/recent_developm.html>

secondly, egor's motives are NOT clear, you're assuming certain motives. while
he demonstrated some effort at trying to contact github to get their attention
and a modicum of restraint in his demonstration of the bug, don't assume his
complete set of motives is pure and goodly. he has, after all, gotten a
truckload of attention over this. fully disclosing an issue benefits the
reporter quite a bit, often more than anyone else (attackers included). it
would not surprise me if he had this in mind when he acted the way he did.

before you encourage others to walk a mile in egor's shoes, you should
probably figure out what kind of footwear he's wearing. you may be surprised.

~~~
bradleyland
It's not so much that I believe his motives were benevolent, but that I know
how conflicted one can feel when you A) know about a serious vulnerability,
and B) don't feel that it was taken seriously.

