Project Zero Policy and Disclosure: 2020 Edition -- https://googleprojectzero.blogspot.com/2020/01/policy-and-disclosure-2020-edition.html …
I thought part of disclosure at patch time was to ensure everyone has access to the vulnerability information. Is there any concern with the subset of people doing patch analysis knowing more than everyone else?
Great question, I'm definitely concerned about it and it was a big part of our discussions. Talking to a lot of vendors, they're generally aware of this type of analysis, but it wasn't always the biggest factor in terms of motivating them to improve patch speed/quality/adoption.
For the vendors that want to disclose information closer to the patch date, we still have that option though. I suspect quite a few will still want to align disclosure around security bulletins.