I guess for some people, writing a full 'sploit shows that you got mad skills and maybe that's what some people want?
-
-
-
Sure, I like that too. I just don't think it's the best way to secure your product.
End of conversation
New conversation -
-
-
what about allowing finders to submit POC and analysis for initial payout and working exploit within N months if want more $
-
You don't need exploits to learn about vulns in your app and fix them. If you want to see exploits, offer a separate program.
End of conversation
New conversation -
-
-
might be a nice way for MSFT to stay on top of emerging/novel techniques I guess
-
Then offer a separate reward? That would also get them novel sploit tech from ppl who have no 0-day to bundle with it.
-
I agree!
End of conversation
New conversation -
-
-
@midnite_runr The incentive for Android's VRP is to see what other techniques are used, so they can be plugged if possibleThanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
@steventseeley@sirdarckcat had a blog post about it recentlyThanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
From POV of exploit companies: good business plan. POV of vendors: bad business plan. Vendors are helping exploit companies
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
you just tweeted a gem
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
yeah and it doesn't make sense to write exploit for every vulnerability, when aim is to kill bugs.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.