You're right, I confused something you said with something @rmhrisk said. My mistake.
Replying to @taviso @saleemrash1d and
I don’t believe I’ve said anything that suggests only one person can find a vulnerability. I see vulnerabilities like natural law, a thing that will exist no matter what, and that good guys in the name of stopping the bad, and bad guys in the name of profit, will always find.
1 reply 0 retweets 2 likes -
Replying to @rmhrisk @saleemrash1d and
We can make software safer by fixing vulnerabilities, agreed? This is why it's useful to get the gov to stop hoarding them, we can literally take exploits away from people we disapprove of. I get the impression you think reducing western 0day leaves others alone, that's not true.
2 replies 0 retweets 0 likes -
Strong disagree
1 reply 0 retweets 0 likes -
Replying to @daveaitel @rmhrisk and
You disagree we can make software safer by fixing vulnerabilities?
1 reply 0 retweets 1 like -
I don't think the data supports either of your points in previous tweet
1 reply 0 retweets 0 likes -
Replying to @daveaitel @rmhrisk and
There is data suggesting fixing vulnerabilities doesn't make software safer?
3 replies 1 retweet 1 like -
Ask any consulting team, I assume?
1 reply 0 retweets 0 likes -
Replying to @daveaitel @rmhrisk and
Hmm, I would be pretty surprised if a consulting team said that fixing the vulnerabilities they find doesn't make that software safer. Even if they believed that, seems like it would be in their best interests to deny it
2 replies 0 retweets 2 likes -
It is about making strategic decisions (please stop using PHP, etc.) using data from your own code and setup. If you think of consulting as bug bounty at a fixed price then you are in fact doing it wrong
2 replies 1 retweet 4 likes
This is Twitter, I can't give pages of context in a tweet, of course "fixing" vulnerabilities can include more than just code changes. The point is that we can learn about these problems from vulnerabilities.