In every case, the vulnerability was discovered by researchers or the manufacturer itself, privately disclosed to the system designers, patched by the designers, and only afterwards published along with the fact that the system was no longer vulnerable. In computer security, we have a name for this: “responsible disclosure.” The opposite of that is a “zero-day vulnerability.” This is a vulnerability that is first discovered in secret, by criminals, governments, or hackers that sell to criminals or governments—and the organization in charge of the system doesn’t learn about it until it’s used
...more
