One thing that I appreciate about Qualcomm/CodeAurora security bulletins (and Chrome's release notes) is that they include the "reported by researcher" date -- it enables some basic (but important) time series analysis on patch development, e.g. average time-to-fix.
-
-
Android still reports who reported the bug. But like you said, they have removed the reported by date. https://source.android.com/security/overview/acknowledgements … You can theoretically go from Android-ID to report date by comparing Android-IDs of public bugs to those of sec bugs. I believe A-ID are incremental
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Mozilla reports it indirectly via the bug link. Eventually the bug is made public but even before then the date can be inferred from the sequential number.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Security isnt it to defeat or is it to encourage !


Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
This Tweet is unavailable.
-
How does that relate to the tweet you replied to though?
End of conversation
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.