Every piece of hard data available suggests: 1) patches don’t have 100% deployment 2) criminals disproportionately use known vulnerabilities
Replying to @thegrugq
Any argument for the IC subsidizing Microsoft’s QA process has to account for the increased quantity of vulns made avail to criminals.
Replying to @thegrugq
Are “we” safer w/ every threat actor possessing more exploits for patchable bugs, or w/ fewer TAs possessing exploits for unpatchable bugs?
Replying to @thegrugq
Depends on whether the "I" in your "we" applies patches.
Replying to @RichFelker
ppl making these arguments always seem to love saying “we” so I’ll leave it open too. I think it’s so they can No True Scotsman
Replying to @thegrugq
Certainly _I_ want to be able to defend, but I acknowledge there's a "public health" side too.
Replying to @RichFelker @thegrugq
But the solution isn't allowing criminal NS actors to keep vulns hidden. It's imposing costs for bad security practice.
Replying to @RichFelker @thegrugq
Making sw vendors liable for security bugs and businesses using unpatched sw liable for harm to others when they're compromised.
Replying to @RichFelker
that seems like a good idea up until it isn’t. Markets can solve problems if they have the information.
@dotMudge (may) solve it
That's basically how it already is for financial inst. The only proposed change is putting a value on ppl's privacy/personal data.