I wanted to fully test this “Responsible Disclosure” theory so I submitted a one click RCE in Microsoft Teams to #msrc on Sep 01, 2018. It is still open. The disclosure policy of @taviso and others gets bugs fixed. This does not.
-
And yes, there has been some really seminal research into what actually gets exploited and what not. There do exist some reasonable predictors. To my mind, we must use every available leverage
-
No, there hasn't, we have zero visibility into how exploits are used successfully, when we find exploitation in the wild we're only seeing the attacker's failure case.
-
I didn’t say that. I said that we MUST analyze before committing to a course of action. Which implies “work together”. Is that so hard?
-
Yes, because "work together" is a euphemism for "give the vendor what they want", no? Why don't you spell out "working together" so that I understand.