I mis-remembered. It is interesting to read that thread again[1] since there was a similar discussion about disclosure.
FTR, I don't think that the gap between saying there is a security vulnerability and describing it is very large, especially when the audience contains capable penetration testers.
FTR, I don't think that the gap between saying there is a security vulnerability and describing it is very large, especially when the audience contains capable penetration testers.
[1] http://news.ycombinator.com/item?id=1696477