Also interesting to note how skilled attackers can also often easily write exploits with just patch diffs. Patch gapping can be pretty easy and some vendors even include POCs as regression tests even if the researcher doesn't publish it!
-
I’m not sure I agree that it is primarily exploits that enable us to create new mitigations, but wouldn’t it be just as beneficial for developing mitigations to release PoCs at a later date than contemporaneously with patches?
-
A mitigation can be as simple as verifying a configuration change is effective.
-
You don't have to deprive the world, you just delay the PoC release to give time to patch.