I wanted to fully test this “Responsible Disclosure” theory so I submitted a one click RCE in Microsoft Teams to #msrc on Sep 01, 2018. It is still open. The disclosure policy of @taviso and others gets bugs fixed. This does not.
Do you claim that there has never been an incident of successful undetected exploitation, and that the millions of dollars being spent on exploits is wasted? If the answer is you don't claim that, then please accept that we don't have visibility into this problem. Geez.
-
-
Again, you’re twisting my words to the extreme case, I suspect to create a strawperson that you can then knock down. We’re not serving industry improvement. So, I’m sorry I jumped in again. Peace
-
Your position is that we must interpret lack of data in the most beneficial possible way to vendors. I suspect "industry improvement" means that we must do whatever Microsoft wants, so you're correct - I'm not going to agree to that.
- 2 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.