What to do in this situation?

[PowerCum]

What to do when you have developed a product and you see that your product has a security bug. You fix the security bug and then you see that almost all your competitors have the same security bug into their products as they use the same method to do the things as you.

The bug itself allows malicious webmasters to steal all the traffic from any site running a buggy product.

Should I relase the bug publicly and fuck my competition fucking lots of webmasters in the process (of course webmasters that do not use my product, so they will migrate to me) ?
Or is it a better option to contact my competitors and warn them about the bug and tell them how to fix it ?

I usually don't give a fuck about my competitors, but in this case lots of sites would become really easy target to any cheater around.

Post your opinions please.

[<IMX>]

Contact them and give them a set time to fix it.

[XxXotic]

why do other people's work for them? if theyre not on top of their own shit... why should you be?

it may be kinda callous way to look at it but you're not responsible for your competitors business

[<IMX>]

True, but you don't increase your market share by fucking webmasters. They aren't going to look at as the script programmers fault...they will look at it like it is YOUR fault.

Anounce the bug (not how to fix it) if they want they can pay you for your fix.

Give them a reasonable time to fix it.
Say 3 days. Then announce it publically.

Quote:

Originally posted by XxXotic
why do other people's work for them? if theyre not on top of their own shit... why should you be?

it may be kinda callous way to look at it but you're not responsible for your competitors business

[PowerCum]

Quote:

Originally posted by XxXotic
why do other people's work for them? if theyre not on top of their own shit... why should you be?

it may be kinda callous way to look at it but you're not responsible for your competitors business

That is what I usually do as my competitors business is not mine, so I don't care about them.
And probably will do it in this way as in the past my competition has not been nice to me nor even tried to fix any security bug I reported to them.
The problem is that this time the bug is quite serious and there will be more than 4000 sites vulnerable once the it goes released on public. Just imagine any traffic cheater getting advantage on that.

[XxXotic]

Quote:

Originally posted by PowerCum


That is what I usually do as my competitors business is not mine, so I don't care about them.
And probably will do it in this way as in the past my competition has not been nice to me nor even tried to fix any security bug I reported to them.
The problem is that this time the bug is quite serious and there will be more than 4000 sites vulnerable once the it goes released on public. Just imagine any traffic cheater getting advantage on that.

i understand that, and it is somewhat of a dilema, i dunno, i'm not normally the fuck everyone else kinda person, but there's a point where ya gotta stop worrying about everyone else... thats what they employ people for, if their employees arent doing what theyre paid to do, i.e. finding security issues like that..... i mean think about it, what would your competitors do in this situation? would they keep it hush hush or would they "do the right thing" and kill the exploit?

tough decision..

imx seems to have a good solution, let them know about the bug and offer to sell the fix to them, all parties can walk away happy and secure

[integrated]

i only use scripts coded in turbo pascal that i do myself

i dont care what you do im secure

[PowerCum]

Well. I released a fix for my product, and also warned the competitors, so they can take a look at this post:
http://www.gofuckyourself.com/showth...hreadid=186229

As my users take less than 24 hours to see the bug report and upgrade, I gave to them 24 hours too. and the report + proof of concept code is available for a small fee.

Have a nice day