"Helped fix" in the sense of pointing out problems in others' products. Let's acknowledge the actual fixers, shall we? https://twitter.com/benhawkes/status/877918512223707136
Oh hell no. If I had a nickel for every time I had to fix someone else's mistake ... Let's not make fixers out to be lusers.
Replying to @wendynather @hellNbak_ and
Otherwise I could go around pointing out all kinds of mistakes to people ("bad choice of foundation!"). I might even be right.
Replying to @wendynather @hellNbak_ and
But I wouldn't expect them to praise me for it. Nor would I swag about it.
Replying to @wendynather @hellNbak_ and
I think we can celebrate the successes of both researchers and vendors/OSS! Celebrating one doesn't have to be at the expense of the other.
Replying to @benhawkes @wendynather and
Literally what I came to tweet. The celebration of P0's success is not the degradation of those who designed or fixed the flaws. It's a win!
Replying to @DonAndrewBailey @benhawkes and
I know lots of people who make a very good living pointing out mistakes; fixing doesn't pay nearly as well. We need to address that.
Replying to @wendynather @DonAndrewBailey and
Can we get a fixer track at most conferences? Can they have group t-shirts and be on CNN? Otherwise we won't make progress.
Replying to @wendynather @DonAndrewBailey and
If half of the smart people on @benhawkes's team worked on preventing these problems, they'd have 10x the downstream impact. We need that.
We work on preventing the problems too! Attack surface reduction, sandboxing improvements, exploit mitigations, process/policy guidance, etc
Replying to @benhawkes @wendynather and
We've helped resolve some bug classes over the years. The VR starts a pipeline of work on structural improvements. Just not as high profile.
Replying to @benhawkes @wendynather and
I think raising awareness of quality secure design and hardening methods is an epic win. The vulns help support and give example to the why.