well, we all know these gimmicks are not about protecting users, or a realistic mitigation would have been provided.
-
-
Replying to @hsultan75 @revskills
Of the practical options available to researchers, I think deadlines give the best outcomes for user security.
2 replies 0 retweets 0 likes -
Replying to @benhawkes @revskills
deadlines are ok. Impossible deadlines are not. Dropping details of a 0-day w/o realistic mitigation is not.
1 reply 0 retweets 0 likes -
you could simply have announced that a vuln existed in w32k w/o giving details. Would have been a lot less dangerous
2 replies 0 retweets 0 likes -
Replying to @hsultan75 @revskills
FWIW, Project Zero has nothing to do with the win32k stuff you're referring to...
2 replies 0 retweets 0 likes -
Replying to @benhawkes @revskills
could be. But that policy is also used by P0. It's the policy and its application by GOOG that's wrong
1 reply 0 retweets 0 likes
You said that deadlines are OK, but that our application is wrong. Details? What should we do exactly?
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.