I wanted to fully test this “Responsible Disclosure” theory so I submitted a one click RCE in Microsoft Teams to #msrc on Sep 01, 2018. It is still open. The disclosure policy of @taviso and others gets bugs fixed. This does not.
-
We security folk need to provide the risk analysis about which issue affects whom, how. Who needs to respond, who can ignore. (BTW, I’ve published quite a few of those; I’m walking my talk here)
-
How convenient, users should be deprived of information about the risks in the products you sell. Do you believe this applies to other products, is it wrong to tell people you see tainted food being sold?
-
No, users do not have, nor should they need, risk analysis. We’ve got this all wrong. It’s like Stallman opining that “everyone should code”. Most users have other priorities, putting food on the table and roof over heads.
