























> Also, interesting strategy to drive interest in support contracts.
Not sure. I mean, it highly depends on what is written in the support contracts etc – but if I as a company pay for support and maintenance, I would definitely not be happy if my contractor announces that they won't accept vulnerability reports (which also implies that they won't fix them, so they also leave me – as a paying customer – vulnerable).
I'm all for
> THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY
– and if you want professional maintenance, then make it official and pay me. But on the other hand, once there is a support contract, stuff becomes business; and I'm not sure if an implicit "we won't sight vulnerabilities for a month" aka "we might not fix well-known RCEs, even for paying customers" would really be a good selling point.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。