It seems that there has been some hostility toward responsible disclosure this year. Mainly, I'm speaking of how Apple treated Charlie Miller recently. I've responsibly disclosed problems with an online business (to whom I am a customer), and gotten either indifference, or a legal threat. This really burns me, as I have entrusted this company with my business, and my personal info...yet it seems they don't give a &$#$ about security :mad: I realize nobody's perfect, and consider myself moderately skilled, but these were rookie programmer mistakes that should have been caught during QA.
That being said, I'm curious what other forum members think of responsible disclosure. What process do you follow? How has it worked out for you? What feedback did you get from the vendor?