That is self-serving garbage, "The best way to help victims is to make sure they don't know we sold them a shoddy product", how convenient. As a consumer, I want to know if you sold me a lemon, so I can tell you what I expect you to do about it.
I think "Do we tell users the problem" and "Do we drop zero-days to prove it" are being conflated as a single issue here. You can tell users a product's security is shoddy as hell and still give the vendor time to fix the specifics. Zero-days are for vendors who #wontfix
I'm still open to the argument that Zoom as a vendor is labeled as a persistent #wontfix vendor though, given their history with the hidden webserver debacle.
It does appear there are some standard anti-patterns in what they've launched that indicate a lack of adversarial mindset in the design and implementation phases. Do they have a history of #wontfix? Also, I've never met a dev team that responds well to shame and antics.
I don't agree that shame is involved in reporting a vulnerability. It's not an insult, this isn't people calling their baby ugly, it's constructive and informative. People only report vulnerabilities in things they think need to be safe, that's a positive thing.
I dunno. There's a lot of emotive language in the blogpost.
Sure, but I think that's a combination of writing for the intended audience with a casual blog-tone and the questionable growth-hacking Zoom are doing. In that context I think the language can be excused.
Shrug. I recognize there are people that don't care about the impact they have on others, but I do believe empathy goes a longer way than snark.
Not that some companies don't deserve it more than others - but I do think the world would be a better place if so many vulnerability write-ups didn't read like this: "YET again, these stupid people have failed to meet my expectations."
Fair, but the context here is a vendor who repeatedly and consciously chose gross growth hacks over security. In a casual blog post for a technical audience, some exasperation can be excused, without questioning empathy... no?