Why shouldn't full-disclosure'd bugs be eligible for NN% of the reward? (looking for strong arguments against it)
So if you only use a bug to compromise the vendor, is that coordinated disclosure? It's a little insulting to equivocate full-disclosure and mass exploitation.
-
I'm being theoretical, not trying to insult nor compliment. Is it a fact or not that when burning 0days, said 0days will get fixed? Thus the end is the same + potential victims exist in both cases. Intent is one difference, though it's impossible to measure.
-
I think it's pretty easy to measure intent, robbing your neighbour is clearly not the same as telling them their door is unlocked?