Burning VEP reporting into the Intel authorization act.https://twitter.com/Bing_Chris/status/900791830761132032 …
-
-
Replying to @pwnallthethings
Sadly (as with most VEP discussions) it starts by looking for numbers without first establishing whether those numbers will be useful.
3 replies 4 retweets 14 likes -
Replying to @pwnallthethings
I think the concern abt the report leaking is real. But as a baseline these seem like they'd advance the conversation significantly.
1 reply 0 retweets 1 like -
Replying to @emptywheel
I think the conversation has gone down a rabbit hole. We're talking about # of disclosures, not how to make VEP improve US cybersecurity.
1 reply 0 retweets 2 likes -
Replying to @pwnallthethings
We're talking abt
#s of disclosures, but ALSO tracking whether those disclosures actual led to vuln being fixed. Also asking for real policy1 reply 0 retweets 1 like -
Replying to @emptywheel @pwnallthethings
Reporting is better thought out than I would have expected (and may embarrass some squawking tech so in process).
1 reply 0 retweets 1 like -
Replying to @emptywheel
So I agree, but it is premised on the belief that more disclosures = more security, rather than taking a step back and asking if that's true
2 replies 0 retweets 1 like -
Replying to @pwnallthethings
At the very least this will answer the "how often do companies that get disclosure act in timely fashion" question.
1 reply 0 retweets 1 like -
Replying to @emptywheel @pwnallthethings
With the public embarrassment factor, to boot.
2 replies 0 retweets 1 like -
Replying to @emptywheel
Sure. But the Q that matters isn't "when did you have patch" but "when did 99% customers patched"?
2 replies 0 retweets 2 likes
And having reporting on what got patched is one way to discover that.
-
-
Replying to @emptywheel @pwnallthethings
(Of course a lot of that data was collected by
@MalwareTechBlog and he's prohibited from accessing the data atm, but whatev.)0 replies 0 retweets 1 likeThanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.