Chapter 20. Reporting Security Bugs

Whether you find bugs in someone else’s product or someone outside of your company identifies a bug in your product, it is important to understand the different views around reporting security vulnerabilities. The appropriate actions for both the bug finder and the vendor to take once a bug is identified are heavily debated. Vendors usually want the issue to be kept quiet until it is fixed, whereas some bug finders believe in immediate public disclosure. This chapter discusses some of the controversy. In this chapter, you will learn how to responsibly report ...

Get Hunting Security Bugs now with the O’Reilly learning platform.
