We're talking about numbers of disclosures, but ALSO tracking whether those disclosures actually led to the vuln being fixed. Also asking for real policy.
-
Don't need a classified report to tell you that. E.g. notice how WordPress has had more than one SQLi bug and yet still doesn't parametrize.
-
Notice how Microsoft has patched more than one SMB remote 0day and yet still parses it in the kernel. Same categories of bugs, year after year.
-
And THAT is why the agencies responsible take a dim view of doing the security aspects of a vendor's job for them.