alt Hacker NewsI.. just can't wrap my head around that.
Once the notification is in and the shell demostrating it is up it should be immediate redeploy to a clean state, fix the hole, redeploy to a patched state.
The shell disappears on step one.
Instead some moron has the audacity to get all hurt because the broken system he is responsible for has not been patched back by the attackers?
What is this lunacy?
It's at the minimum a bit impolite to leave the system more vulnerable in between sending the report and the report being received and acted on.