The 2017 Pwnie winner for lamest vendor response goes to Lennart Poettering for systemd. According to CSO which has reported on it, the Pwnie winners which were announced a few days ago, the summary for Lennart and systemd reads as follows:
The most spectacular mishandling of a security vulnerability by a vendor ended up winning a Pwnie for Lennart Poettering due to SystemD bugs 5998, 6225, 6214, 5144, 6237. The nomination reads: "Where you are dereferencing null pointers, or writing out of bounds, or not supporting fully qualified domain names, or giving root privileges to any user whose name begins with a number, there's no chance that the CVE number will referenced in either the change log or the commit message. But CVEs aren't really our currency any more, and only the lamest of vendors gets a Pwnie!"
(Score: 4, Informative) by kaszz on Monday July 31 2017, @04:41PM
Just get this:
* systemd is shit. And lack input validation like sane software.
* Poettering is arrogant and incompetent. And if he is competent, he surely doesn't show it where it counts.
* RedHat is Poetterings master.
* Poettering and RedHat should be made to suffer the cost they try to externalize, not be assassinated.
* CVE is about security problems. systemd is a security problem. So is the author of it and the company the author works for.
* Security is a serious issue these days. So any move to compromise it by design will have their personal flame festival.