Would like to know more here about whether this was responsibly disclosed and time given to the Zoom team to fix it. https://twitter.com/zackwhittaker/status/1245350371876315137 …
I think "Do we tell users the problem" and "Do we drop zero-days to prove it" are being conflated as a single issue here. You can tell users a product's security is shoddy as hell and still give the vendor time to fix the specifics. Zero-days are for vendors who #wontfix
I'm still open to the argument that Zoom as a vendor is labeled as a persistent #wontfix vendor though, given their history with the hidden webserver debacle.
A couple things: Lots of users have no idea how to assess security, which is half the lemon problem. They depend on vendors. Second, huge benefits to publishing vulns, w/details. The CVD bet is that it's net lower risk to give vendor (even Zoom) a head start.
I don't know how to assess mechanical problems in my car, I still want you to tell me about design flaws.