without this there’s nothing stopping vendors from saying “we already knew about this lol” for every critical vuln. it’s time to treat researchers fairly
Quote Tweet
Replying to @h0mbre_
I feel like it should be in a platform's interest to make sure a vendor provides evidence about known vulnerabilities.
We can't fix or work around most firmware issues in their hardware ourselves in GrapheneOS. Need them to listen, understand and fix it. I have a bug that I reported in the Titan M firmware on Oct 19, 2020 which is minor in terms of security but quite annoying when using it...
Not much experience filing security bugs with other companies (although I do have some) but my experience with Google is they tend to take way longer than the 90 days they use for Project Zero. Waiting 150+ days after they close a supposed duplicate for the fix isn't very fun.