I wanted to fully test this “Responsible Disclosure” theory so I submitted a one-click RCE in Microsoft Teams to #msrc on Sep 01, 2018. It is still open. The disclosure policy of @taviso and others gets bugs fixed. This does not.
-
You can't tell me the complexity was testing either, because the tests are open source and they literally just call it with rand() 1000 times.

-
Sometimes mistakes are made. When I had to deal with PSIRT, I was always interested in solutions from reporters. But then, I can cite many examples where the fix appeared trivial and was not - at least, to do it correctly.