And yes, I have my opinion. I am curious about other opinions because I am extremely biased as a manager of a VDB.
@dakami Right, so maybe 90% of apps don't parse, but 10% do. Translated into the real world, how many apps *do*? What value then?
@attritionorg @dakami so what you're saying is most of it is all FUD or what? Trying to follow this train...
@xxDigiPxx FUD? Absolutely not. Dan just picked up on an important distinction. Maybe not 100k apps vuln, maybe "only" 10k?
@attritionorg Thanks. Was just wondering if it was a poke at "the sky is falling" mentality, or focus on true attack surface and real 0days.
@xxDigiPxx This is no poke, this is true sociology and perception of value of vulns. Asking Twitter because I don't know.
@attritionorg If companies don't take it seriously, they only will when it costs them money or creates impact, so how do you "value" base it?
@xxDigiPxx They may take it "seriously", but base decisions on scanners and VDBs.
New conversation
@attritionorg Even if they parse, can I make it parse *my* stuff? Vector analysis is the key here.
@dakami For sake of argument, if they parse an image, vuln in LibTIFF / libjpeg / libpng, and app parses = disco