Sure, but the problem with this is twofold. First, not everyone agrees you should be allowed to adjust those knobs on their behalf; you don't know their priorities. Second, you don't have the power to adjust them; you need resources provided by people who don't have a dev heart.
Replying to @taviso @berendjanwever
1) is the market. Ultimately what customers pay for validates my choices, also on the configurability end. 2) of course, there are many moving parts and all matter, which is why I push for multiple points of view and levers
Replying to @lazytyped @berendjanwever
That's nonsense, how can the market react to information that you're arguing they shouldn't know? I'm saying make it public and let the market decide. You're saying don't let the market know, just trust us to do the right thing.
Replying to @taviso @berendjanwever
At what point have I ever advocated to not make information public? If anything I am for more information, not less (in fact I'm looking at all the incentives, not narrowing my scope to security bugs)
Replying to @lazytyped @berendjanwever
Then what is it you want? More information available to users, but delayed until it is no longer useful?
Replying to @taviso @berendjanwever
What I want is more effort in building infrastructure than in finding bugs. And more attention on why they happen rather than just ship out patches leaving all the burden of adoption to users.
Replying to @lazytyped @berendjanwever
Cool, and the best way to get that is to give users less information about vulnerabilities that affect them?
Replying to @taviso @berendjanwever
Oh Jesus, I've told you already multiple times that I'm for more information, not less.
Replying to @lazytyped @berendjanwever
Yes, you've said lots of contradictory things. You're opposed to full disclosure, but want more information.
Replying to @taviso @berendjanwever
You have understood different things, it's different. You seem to think I'm against disclosure, while I'm just saying that in the great scheme of things, what you do with your own bug is largely irrelevant
I dunno, it sure seems to bother Mary Anne what I do 
Replying to @taviso @berendjanwever
I have no visibility into that, sorry. Nor do I know how that has improved things. The visibility I had on security projects and the work I did on patching were shaped a ton more around customer feedback than anything else. But hey, everything helps if it gets us to a better place