I wanted to fully test this “Responsible Disclosure” theory so I submitted a one click RCE in Microsoft Teams to #msrc on Sep 01, 2018. It is still open. The disclosure policy of @taviso and others gets bugs fixed. This does not.
-
-
Do you claim that there has never been an incident of successful undetected exploitation, and that the millions of dollars being spent on exploits is wasted? If the answer is you don't claim that, then please accept that we don't have visibility into this problem. Geez.
-
Again, you’re twisting my words to the extreme case, I suspect to create a strawperson that you can then knock down. We’re not serving industry improvement. So, I’m sorry I jumped in again. Peace
- 3 more replies
New conversation -
-
-
What? “Zero”? We don’t have “all”, no. the truly sophisticate may not get reported. But, that’s not the universe of exploits. We most certainly have data on which exploits get used. It’s a percentage (estimates differ)
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.