I really don't understand the attitude.
I know it is all too common, but why?
The software I work on doesn't have any security implications, beyond possibly freezing the desktop. However if I'm told about a bug in my code - especially if a proof of concept is included, it goes straight to the top of my TODO list (unless it's impossible to replicate). What is the point of doing anything else?
Biting the hand that feeds IT
