A Merkle tree library for Rust, based on *ring*: https://github.com/SpinResearch/merkle.rs … I guess I'll just throw mine away now!
"[…] full disclosure vulnerability policy. Please do NOT attempt to report any security vulnerability in this code privately to anybody." +1
-
Wait, I thought this was the opposite of best practice? Is there a counter-movement to prevent, like, exploit hoarding?
-
Nope, this is the best practice.
-
Got any good links? What's the argument against priv disclosure? Naively, pub disclosure gives exploits more time before patch?
-
It's somewhat controversial. See e.g. https://security.googleblog.com/2010/07/rebooting-responsible-disclosure-focus.html …