一般在發現 Security Issue 後都會以 mail 先通知負責的單位 (Vendor),直到提供 patch 或是修正問題後才會將 Security Issue 公諸於世。
不過,有時候也會遇到不想鳥你的單位... 這時候就光明正大的給他一腳吧 XD
Google Reader "preview" and "lens" script improper feed validation:
IV. HISTORY
30th Jan, 2006 - Bug originally discovered
2nd Feb, 2006 - Vendor Notified
...
...
No vendor response
...
...
22nd Feb, 2006 - Vendor Notified again
22nd Feb, 2006 - Public Disclosre