RSnake posted this great story about how Mike Shaver, Director of "Ecosystem Development" at Mozilla Corporation, pledged to fix any critical vulnerabilities within "ten fucking days", and even provided a specially endorsed business card to prove the point:
He was allegedly sober (although I'd say he must be one of the only people at Black Hat who was) and it was apparently a personal undertaking rather than official company policy. But it shows a worthy commitment to security, and also an admirable refusal to take himself too seriously. I can't imagine someone senior at MS pulling the same stunt.
It motivated me to do something similar, so here is my promise: If someone reports any serious flaws in Burp, I will fix them within ten fucking years. No ifs, no buts, just a fix within ten years or your money back. Can't say fairer than that.




