On Wed, 20 Jan 2016 14:15:14 +0000 Wade Mealing wrote: > I'm all about improving process, I imagine I would have done the same > steps. What changes to the responses would need to be made to be > less limited ? Understand that i'm not taking this personally and > consider this an opportunity for Red Hat Security to improve as a > group. Just to make this clear, I was not involved at all. I based my statement purely on publicly available information from the advisory that says: "We unsuccessfully tried to contact the vendor for several months. We never received any response on our bugtraq ticket:" So I'm not the right person to discuss what went wrong in the process. FWIW I tried to reach out to one of the people doing this research (Sergej Schumilo) and hope we can make sure these issues get tackled. -- Hanno Böck http://hboeck.de/ mail/jabber: hanno@hboeck.de GPG: BBB51E42