I wanted to fully test this “Responsible Disclosure” theory so I submitted a one click RCE in Microsoft Teams to #msrc on Sep 01, 2018. It is still open. The disclosure policy of @taviso and others gets bugs fixed. This does not.
-
That’s silly, “vendors”. Have you worked PSIRT for an honourable company? Do it for to see how tricky it can be. There are vendors I wouldn’t work for, ever (dishonest). And vendors who try really hard. Prioritizing isn’t easy, Tavis, it’s bloody difficult.
-
Of course I have. The vendor in this case is Microsoft, are they honourable? (Haha, your bio says IOActive, so I assume you're a Microsoft cheerleader)
-
"A single example of a botched fix"? Do you believe this all happened because of ONE botched fix and not a pattern of behavior by companies like this?
