I wanted to fully test this “Responsible Disclosure” theory so I submitted a one click RCE in Microsoft Teams to #msrc on Sep 01, 2018. It is still open. The disclosure policy of @taviso and others gets bugs fixed. This does not.
-
We can learn a lot about the state of appsec ‘art’ from Microsoft. Far from perfect, true. Maddening sometimes. It’s that “state of art” where I want to put my energy cuz basically, we’re all beginners. My 20 years doesn’t make a “mature practice”.
-
Remember to take a breath between gulps of that Kool-Aid, I don't want you to drown!

-
I’m not an anybody cheerleader. I work for IOActive today. I spent years leading product security architecture at a series of software makers. I’m interested in macro problems