We're seeing a lot of incomplete or broken security fixes recently, across the board. Presumably this is leading to a lot of cheap bugs for attackers, who are generally going to be more incentivized to analyze patches than defenders are.
-
If you're a security researcher that has recently had a high impact bug fixed incorrectly, let me know! I'm interested in collecting more examples.
-
What is your opinion on the effects that disclosure deadlines have on a vendor's ability to perform effective variant analysis and fix verification? It seems like there is tension between "fix it fast" and "fix it thoroughly", particularly for complex issues.
-
Fast, correct, comprehensive. Pick two? :)