Burning VEP reporting into the Intel authorization act. https://twitter.com/Bing_Chris/status/900791830761132032 …
-
I think the conversation has gone down a rabbit hole. We're talking about # of disclosures, not how to make VEP improve US cybersecurity.
-
We're talking abt #s of disclosures, but ALSO tracking whether those disclosures actually led to vuln being fixed. Also asking for real policy
-
Reporting is better thought out than I would have expected (and may embarrass some squawking tech so in process).
-
So I agree, but it is premised on the belief that more disclosures = more security, rather than taking a step back and asking if that's true
-
At the very least this will answer the "how often do companies that get disclosure act in timely fashion" question.
-
With the public embarrassment factor, to boot.
-
Sure. But the Q that matters isn't "when did you have patch" but "when did 99% of customers patch"?
-
I mean, whatever else we got out of WannaCry, we have sense of what got patched off silent patch, whose use of pirated software is a problem