←back to thread

FFmpeg to Google: Fund us or stop sending bugs

(thenewstack.io)
1124 points CrankyBear | 1 comments | 11 Nov 25 18:32 UTC | HN request time: 0.216s | source
Show context
ksynwa ◴[11 Nov 25 20:15 UTC] No.45892229[source]
What is the point of Google's Project Zero?

I'm not being dismissive. I understand the imperetive of identifying and fixing vulnerabilities. I also understand the detrimental impact that these problems can potentially have on Google.

What I don't understand is the choice to have a public facing project about this. Can anyone shine a light on this?

replies(5): >>45892326 #>>45892506 #>>45892597 #>>45893019 #>>45896085 #
1. NegativeK ◴[11 Nov 25 21:19 UTC] No.45893019[source]
PR.

And pushing forward the idea that "responsible disclosure" doesn't mean the software creator can just sit on a bug for as long as they want and act superior and indignant when the researcher gives up and publishes anyway because the creator is dragging their ass.