Attempts to score vulnerabilities for severity are disconnected from the reality of exploiting them. pic.twitter.com/Km7mgW2Kuh
Bounties have little overlap w exploit development. Not in skill required, techniques developed, or bugs discovered. https://twitter.com/withzombies/status/839870870545850368 …
Extraordinarily few people are capable of professional exploit development, an order of magnitude less than the number of bug bounty hunters pic.twitter.com/G1rD45w0xz
To those dismissing this RAND report: Ignore it at your own peril. This is the best data ever released on real exploit development, period.
As much as you disagree with P0, this is an argument for it, surfacing vulns (that may be solved in clusters) and pushing boundaries
it's still a drop in the ocean. They make things slightly more annoying but that's about it. If P0 focused more on (1/2)
developing new (or helping implement older) defenses the value would IMO be much greater.
I agree. If they spent half effort on vuln class defense and half on offense it'd be ideal...
agreed. One area I do think they are doing a great job on is showing vulns in less public spots (AV, password managers, etc)