Again, the thing I don’t get about the hard deadline is: perhaps MS is fixing *other* serious bugs that it has found and which it judges are higher priority? Why do external researchers get to decide MS’s priorities without knowing the whole picture?https://twitter.com/taviso/status/1138469652571467776 …
-
-
what if in fact it takes longer than three months to fix? A number of the serious examples here took longer than that. Would you advocate 90-day disclosure for those too? https://en.wikipedia.org/wiki/Responsible_disclosure …
-
They can decline to fix bugs, schedule fixes for future versions in years to come, assign one developer or invest millions and assign dozens. Those are all valid options. It can take years to walk across the country or you can take a flight and be done in hours.
- 9 more replies
New conversation -
-
-
Has
@msftsecresponse even made a public statement or response or is it only the community making noise?Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.