So no I don't think someone is likely to burn a 0day on ransomware. However...
Reporting and fixing these vulns has multiple effects that benefit users' security.
Replying to @RichFelker @curtiswallen
the grugq Retweeted Rich Felker
I’m having cognitive dissonance. Please explain how both these two statements are true https://twitter.com/RichFelker/status/767555019784724480 …
Replying to @thegrugq @curtiswallen
Not understanding which statements you're asking about & whether you find them contradictory or just both doubtful.
Replying to @RichFelker @curtiswallen
the one I linked and the one I replied to.
Replying to @thegrugq @curtiswallen
I'm working from a model where a given piece of sw has a (imperfectly known, maybe entirely unknown) vuln density.
Revealing vulns, especially when the sw was not previously known to be awful, has major positive effects on security
OpenSSL was a great example of sw that was assumed to be good until vulns were publicized. Cisco is similar IMO.
I think it's safe to say OpenSSL's vuln density is a lot lower now than it was before Heartbleed was public.
When sw has major vulns but they remain secret, even if 3rd parties don't rediscover the undisclosed vuln...
...the sw stays in widespread use with lots of vulns present, and malicious parties discover & exploit other vulns.