The upside of all these Ruby security vulnerabilities is that people are actively finding them and responsibly disclosing them so they get fixed.
@postmodern_mod3 definitely have concerns about why the YAML stuff wasn't disclosed immediately as soon as a workaround was known.
@bascule also by sitting on disclosures, you increase the chances that someone else will discover the same vuln and start exploiting it.
@postmodern_mod3 information leaks. I'm very much guilty in that regard ;)
@bascule it's actually pretty common for two separate researchers to audit the same software and find the same vulns.
@postmodern_mod3 plenty of that be goin' on fo sho ;)
New conversation
@bascule once you've released an advisory/patch, you've basically told the attackers where the vuln is. Attackers are not stupid.