#MSBounty programs working already, encouraging researchers to report issues earlier.http://blogs.technet.com/b/bluehat/archive/2013/07/03/new-bounty-programs-one-week-in.aspx …
-
-
.
@attritionorg@ochsff each vendor's vulns are different. Our data showed most finders were holding bugs until after beta. -
-
.
@attritionorg@ochsff we're white market. Something tells me this deserves a blog post. How about next week? -
New conversation -
-
-
@attritionorg@k8em0@ochsff Precisely what I was wondering... cuz, um, there's already some money changing hands out there... -
.
@cryptorobert@attritionorg@ochsff sure, but not many researchers have those contacts. We're here for everyone else. :-) -
@k8em0@cryptorobert@ochsff I only have anecdotal evidence, but I think you may be surprised how many know where to go. -
.
@attritionorg@cryptorobert@ochsff there's a small # of researchers capable of finding critical vulns, smaller # who can exploit. -
@k8em0@cryptorobert@ochsff agreed. talking about those who have contacts that could lead to higher bidders. that may surprise you -
.
@attritionorg@cryptorobert@ochsff highest bidder sellers are ok selling for offense. White market researchers sell, but for defense.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.