Posted August 10, 2019 Does GoG galaxy avoid this issue? Specs: Motherboard: Asus X470-PLUS TUF gaming (Yes I know it's poor but I wasn't informed) RAM: Corsair VENGEANCE® LPX DDR4 3200Mhz CL16-18-18-36 2x8GB CPU: Ryzen 9 5900X Case: Antec P8 PSU: Corsair RM850x Cooler: Antec K240 with two Noctura Industrial PPC 3000 PWM Drives: Samsung 970 EVO plus 250GB, Micron 1100 2TB, Seagate ST4000DM000/1F2168 GPU: EVGA RTX 2080 ti Black edition Link to comment Share on other sites More sharing options... Link to post Share on other sites More sharing options...
Posted August 10, 2019 On 8/9/2019 at 5:45 AM, ravenshrike said: It was 25 days since the 2nd researcher at HackerOne he contacted submitted a report to Valve. Which is basically 19 business days. He's an irresponsible conspiracy theorist getting pissy about being snubbed by HackerOne and reacting like a 3 year old throwing a tantrum. Wait so your saying it's ok for stema to go "Nope this isn;t an issue and don't tell anyone about it". Sorry but no it is not OK for steam to do that. If they refuse to fix it themselves then making it public so they have to is your only recourse at that point. Professional bug hunters have done exactly the same thing. You cna argue he should have waited longer but steam is the only one in the wrong here as far as i'm concerned. Link to comment Share on other sites More sharing options... Link to post Share on other sites More sharing options...
Posted August 10, 2019 22 minutes ago, CarlBar said: Wait so your saying it's ok for stema to go "Nope this isn;t an issue and don't tell anyone about it". Steam never said anything of the sort. HackerOne did. Steam fixed it within 30 days of being notified by the 2nd researcher from HackerOne that DID forward the issue to them. That there are complete morons at HackerOne, while important to know in the long run and for any of their clients' continued relationship with them, is no excuse for what the whiny conspiracy theorist at the center of this did. Link to comment Share on other sites More sharing options... Link to post Share on other sites More sharing options...
Posted August 11, 2019 On 8/9/2019 at 12:21 AM, Delicieuxz said: HackerOne officially handles Valve's Bug Bounty Program: https://hackerone.com/valve It was 3 weeks after the discovery had been submitted by HackerOne to Valve that HackerOne, for the second time, told the person who discovered it, Vasily Kravets, that the exploit is non-applicable and also told them to not tell anyone else about it. So, HackerOne telling the person who discovered it that the exploit is not relevant and to drop it without telling anybody about it sort of seems like it's Valve saying they aren't doing anything with it and that they want it to remain undetected. Vasily Kravets questions whether the exploit is a deliberate backdoor: Ah. Read between the lines. "This exists, but it is not useable, and you *cannot talk to anyone about it*." There are other reasons gag orders are applied. And it's has 3 letters in it usually, begins with F, and ends with I (Or in the UK, M and 5). [Edit] Or it's HackerOne being silly, when they could have said "thanks, can you give us 1/2/3 months on this, we will make a nice blog post about you, and you can get famous for discovering it/etc, once we fix it!" Like, don't shoot the messenger, you only annoy people. Link to comment Share on other sites More sharing options... Link to post Share on other sites More sharing options...