In the debate about publishing n-day PoCs, I’m not reading anyone debating what the value of n should be for fully working PoCs. I’ve personally published vuln details when patch was released, techniques in abstract, but waited over a year for working exploits. Seemed best to me.
It's true, but not sure it's that useful an observation. We can't measure the benefit to defenders, but we do know tools are widely used by professionals, for example. I personally get great value from open research, so that's worth something 
-
-
Yeah definitely, also that was in many ways a completely different time. I would personally enjoy seeing more research like this, over time. (yes I know, do it myself etc).
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.