I wonder if this increases the value of patch diffing results. Because P0 will not disclose what the bugs are for a long time which automatically makes patch diffing more attractive
https://twitter.com/i0n1c/status/1214621661099646989 …
-
-
According to
@epakskape data from BluehatIL, almost no exploits for a vuln discovered in the 30 days after a patch is available. It doesn’t extend to what the average timeline is for the cases that see an exploit. Obviously we don’t have perfect info, just a data point. -
Sure, pretty useless data point though, why would you invest in building an exploit just to share it with Microsoft.
- 9 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
