Disclosure Policy

I maintain the following policy of responsible disclosure:

I will announce vulnerabilities via techblog.
Vulnerabilities are published if no response is received from the author of the vulnerable product within one week of initial contact.
If response is received, disclosure is coordinated with product vendor.