Tim Willis

@itswillis

Long time listener, infrequent tweeter. Currently Project Zero. Views are my own. Currently reading: "Brown Bear, Brown Bear, What Do You See?"

Joined October 2012

Tweets


  1. Jan 7

    At Google Project Zero, the team spends a *lot* of time discussing and evaluating vulnerability disclosure policies and their consequences. It's a complex and controversial topic! Here's P0's policy changes for 2020 (with our rationale for the changes):

  2. 2 Sep 2019

    ... TAG *only* saw iOS exploitation on these sites when TAG found them back in Jan 2019 (and yes, they looked for everything else as well). That said, anyone out there with full chain 0day in-the-wild from Android / Windows, feel free to reach out and we'd love to take a look!

  3. 2 Sep 2019

    Contrary to some commentary, Project Zero's long form blogs are based on deep technical research into 0-days and novel exploitation, not a commentary on target populations or the wider threat space. Specifically though in this case (and as a one-off), I can tell you that...

  4. 31 Aug 2019

    3. The unglamorous but important work of code testing and review. Uncaught software development errors can have a huge impact on device security. Shout outs to all the testing/review/QA peeps out there - hopefully you can use these posts for more funding for your future work!

  5. 31 Aug 2019

    2. The high rate of vulnerability discovery collisions between our team and real world attackers. Pressuring vendors to patch quickly, as well as vendors working hard to encourage quick patch adoption, is stopping demonstrated end-user harm.

  6. 31 Aug 2019

    Having spent most of this week editing 184-page “blogbook”, I’d like to highlight three things so they don’t get missed: 1. 's JSC exploit piece () on patch gapping and n-day bugs being used as an easy way to score 0-day like capabilities

  7. 4 Mar 2019

    Poll: Should all governments be required to produce high quality cybersecurity dance/music videos to support their national programs? e.g. from the Republic of Korea's (h/t )

  8. 1 Mar 2019

    Good times and looking forward to it! The die is cast on the twitter front - no turning back now. Honourable mentions to and for their previous attempts to goad me into twitter action.

