This @ExodusIntel drama is a good example of how you can behave unethically even when you are in the right.
@attritionorg Exodus cannot ethically disclose anything confidentially submitted to the ZDI no matter how much independent work was done.
@ErrataRob I understand the perception and problems it may cause, but I don't think it is unethical on a blanket basis.
@attritionorg That they did not know it was the same bug is a valid excuse, but "I discovered it independently" is not.
@ErrataRob Even when he did discover it independently, and first?
@attritionorg Only if he can show independent documentation.
@ErrataRob Independent as in, not from him or ZDI? Doubt that is possible.
@attritionorg ZDI counts. If ZDI confirms a record in their database pointing to that sprintf(), then it's fine.
@ErrataRob And the evidence Portnoy posted, screenshots from the ZDI portal, is not acceptable to you I take it?
@attritionorg No. That's not confirmation it's the same bug. That's why I said details pointing to the same sprintf.
@ErrataRob Ah. ZDI would have to provide that I think, based on seeing their portal.
@attritionorg @ErrataRob @aaronportnoy Maybe it should be "responsible sitting on 0day for extended periods of time".
@thegrugq These days, if anyone assumes their 0day in $desktopsoftware hasn't been discovered by others, they are naive.
THIS x 1000 RT @attritionorg these days, if anyone assumes their 0day in $desktopsoftware hasn't been discovered by others, they are naive.
@attritionorg @ErrataRob @aaronportnoy I think we can all agree that the real culprit here is this so-called "responsible disclosure" ;)