I wonder if this increases the value of patch diffing results. Because P0 will not disclose what the bugs are for a long time which automatically makes patch diffing more attractive
https://twitter.com/i0n1c/status/1214621661099646989
-
Once there's something to pivot on, having a pile of crash reports helps find failed exploits, which helps vuln discovery/patching. Example w/ struggle: https://github.com/JohnLaTwC/Shared/blob/master/The%20Inside%20Story%20Behind%20MS08-067.md Key quote: "On September 25th a crash came in that got my attention--an exploit in netapi32.dll"
-
I don't claim there are zero counterexamples, I claim that in general it is not helpful. I've researched this extensively, and believe Microsoft has as well, and came to the same conclusion.
