Burning VEP reporting into the Intel authorization act. https://twitter.com/Bing_Chris/status/900791830761132032 …
-
-
So I agree, but it is premised on the belief that more disclosures = more security, rather than taking a step back and asking if that's true
-
At the very least this will answer the "how often do companies that get disclosure act in timely fashion" question.
-
With the public embarrassment factor, to boot.
-
Sure. But the Q that matters isn't "when did you have a patch" but "when did 99% of customers patch"?
-
I mean, whatever else we got out of WannaCry, we have a sense of what got patched off a silent patch, and whose use of pirated software is a problem
-
What WannaCry showed is disclosure without some critical threshold of customers actually patching quickly is cybersecurity homeopathy.
-
VEP needs to move from thinking about "how many bugs are disclosed" to "how do we fix classes of bugs" and "how do we patch quickly"
-
And the numbers collected here will provide some base level data -- with adverse publicity -- addressing the latter Q.