https://bugs.chromium.org/p/project-zero/issues/detail?id=837 … G: Sup Apple we found an entirely *new bug class*, fix in 90 days kthxbai. A: Plz wait a few more weeks. G: F*** you
-
-
Replying to @aionescu
When we started Project Zero, vendors told us that they couldn't possibly be expected to fix _any_ kernel bugs in under 90 days.
1 reply 1 retweet 4 likes -
Replying to @benhawkes @aionescu
I can say this without speculation: this specific issue could have been fixed under deadline.
2 replies 1 retweet 10 likes -
Replying to @benhawkes @aionescu
The fact that it wasn't is worthy of discussion, certainly, but there's no need to ascribe malice to either party.
1 reply 0 retweets 4 likes -
Replying to @benhawkes
The history shows one side repeatedly asking for a little bit more time, and one side repeatedly saying no. It's not malice...
1 reply 0 retweets 1 like -
Replying to @aionescu @benhawkes
... but it doesn't seem like a partnership. Especially when "senior leadership" is called out for having gotten involved.
3 replies 0 retweets 5 likes -
Replying to @aionescu
Partnerships also involve setting expectations. Overall: I think our expectations are reasonable and effective.
1 reply 0 retweets 4 likes -
Replying to @benhawkes @aionescu
Importantly, we set those expectations based on what we think is optimal for user security.
1 reply 0 retweets 3 likes
In this respect we're always open to new data, better models. But ultimately everyone's just trying to do the right thing.
-
-
Replying to @benhawkes @aionescu
I always thought ultimately Kiwis were just trying to do sheep. ... learn something new every day!
1 reply 0 retweets 9 likes -
"come over, have a P0 sandwich and a hoon on the bug disclosure policy"
0 replies 0 retweets 0 likes
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.