WordPress Security Providers Delaying Vulnerability Disclosures Doesn’t Stop Hackers From Figuring Them Out

via pluginvulnerabilities.com

This week we have been covering a mess that started with the developers of the Freemius library not properly handling a security issue we reported to them last year. Instead of addressing the issue at the time, they put out a post criticizing and lying about what had gone on. They wrote this about us warning about the vulnerabilities after they had released an incomplete fix (without giving us a chance to review the changes first):

Unlike last time, we didn’t even try to ask the reporter to remove the article as we’ve learned it’s a waste of time and our request can only backfire on us. Instead, we politely tried to understand the reasoning behind the unexpected disclosure to assess if/how we could avoid it in the future.