I can't tell for sure whether this has some merit or whether it's completely stupid. It's at least mostly/only relevant to shipped proprietary software, I think... https://twitter.com/polytomous/status/1025869511004577792 …
And it largely prevents non-malicious researchers from helping you find and fix the bugs that well-funded attackers may already know.
Even if you have to model vulns as infinite, it's not clear how you should model vulns already known but undisclosed, and what the probability of rediscovery is before this obfuscation.