With open source it's pretty easy. You just file an issue or submit a PR.
With proprietary software it's much more difficult to get the company's attention. So a lot of people will give a time frame where if the security flaw isn't fixed they will publicly disclose the vulnerability, thus forcing the company's hand.