I think after a report has been published, the back & forth comments should not be viewable to the externs. If there is something important in there, it should be mentioned in the report itself. The only interesting thing is the timeline. From where it has been disclosed to when it was fixed & published. As in the other disclose processes, i.e. private mails or internal mailing lists, I think this should stay private.
I think after a report has been published, the back & forth comments should not be viewable to the externs. If there is something important in there, it should be mentioned in the report itself. The only interesting thing is the timeline. From where it has been disclosed to when it was fixed & published. As in the other disclose processes, i.e. private mails or internal mailing lists, I think this should stay private.