Excellent presentation. My perspective upon reading this: there is a level of acknowledgement on the limits of exploit mitigations here that I haven't seen from Microsoft in the past, and the resulting "strategic shifts" look very positive.https://twitter.com/epakskape/status/1093488162318491648 …
-
-
But note: no browser is likely to have all of these things implemented all together in one place, at least not any time soon. So it's the acceptance that we can't exclusively engineer our way out of the problem with mitigations and sandboxing alone that I find significant here.
Show this thread -
Limiting the supply of good vulnerabilities has to be part of any mid-term solution, alongside mitigations and sandboxing. Microsoft have always known this (i.e. nothing I'm saying here is conceptually new), but I do read this presentation as a rebalancing of sorts.
Show this thread -
Regardless, even if my interpretation of the presentation isn't exactly spot on, this work tracks very close with Projects Zero's experiences/observations over the past couple of years. Great work as always from
@epakskape and the rest of Microsoft security!Show this thread
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.