If I understand correctly, you're saying you don't need to be informed why we're sheltering in place, you just trust that it's in your best interests?
No. Vulnerability discovery isn't a mutually exclusive event; other people can find and exploit them simultaneously. Our concern is that people are at risk while the vendor is trying to hide the problem.
What, in your words, does Full Disclosure optimize for?
The core tenet is that users should be informed before (or at the same time as) vendors. I suppose it optimizes for empowering users to handle their own risk?
Vendor as part of the threat model, rather than part of the solution. Is that part of the reasoning behind the extendable 90-day deadline at P0? Vendors who are trying to patch are a lesser variable in the threat model?
Vendors are rational actors, right? So what is the economic incentive for fixing vulnerabilities? I genuinely don't know. Giving users information about vulnerabilities empowers them to direct vendors how they expect them to respond.