A valid point.
But responsible disclosure in the world of un-patchable devices that actually move and can cause physical harm once pwned feels a little bit different. While we've done things to mitigate a blast radius, publicising guilty names would still lead to lots of damage because you know, these are toy cars.
ziddoap|3 years ago
The only reason not to release names after a reasonable responsible disclosure timeframe is because the researchers somehow think they are the only ones that will ever find that flaw. Pure hubris. Some malicious person will eventually find those same flaws, and then I'm fucked without being given the opportunity to evaluate whether or not I want to risk getting fucked.