Unpopular opinion: I’m ok with Americans hacking jihadis’ mobile phones rather than converting those bugs into CVEs.
Reporting and fixing these vulns has multiple effects that benefit users' security.
-
-
I’m having cognitive dissonance. Please explain how both these two statements are true https://twitter.com/RichFelker/status/767555019784724480 …
-
Not understanding which statements you're asking about & whether you find them contradictory or just both doubtful.
-
the one I linked and the one I replied to.
-
I'm working from a model where a given piece of sw has a (imperfectly known, maybe entirely unknown) vuln density.
-
Revealing vulns, especially when the sw was not previously known to be awful, has major positive effects on security
-
OpenSSL was a great example of sw that was assumed to be good until vulns were publicized. Cisco is similar IMO.
-
I think it's safe to say OpenSSL's vuln density is a lot lower now than it was before Heartbleed was public.
-
When sw has major vulns but they remain secret, even if 3rd parties don't rediscover the undisclosed vuln...
-
Things like prompting researchers to find other bugs in the same sw, informing users the sw is buggy, etc.
-
Public awareness like "Cisco appliances are crap" is really the most valuable information to come out of public disclosures
-
they're crap cause they have bugs? Please point me to the non-crap hacker proof network appliances.
-
They're crap because they're less secure than a trivial openvpn setup & a lot more expensive.