It's not a difference in perspective at all, I don't agree "it doesn't hurt". The relevant people are those who haven't installed *yet*, agreed? I'm saying they should know to wait if this is a risk to them, but you're saying "yeah, but that might hurt Zoom's business", correct?
Replying to @taviso @bryanriddlespic and
You are making the assumption that users are reading infosec or even tech news. I truly think that’s about 5% of the end users for Zoom.
Replying to @x0rz @bryanriddlespic and
Isn't that like saying we shouldn't talk about COVID-19, because not all humans watch the news? We don't have a perfect system for disseminating information, we have to make do with what we have.
Replying to @taviso @bryanriddlespic and
Informing the vendor first seems like the most sane option IMO. Isn’t that the default P0 policy anyway?
Replying to @x0rz @bryanriddlespic and
You'll have to explain why it's the most sane option? It won't change the risk to everyone who has already installed it, and puts people who haven't installed it yet at risk...? I think that probably is what P0 would do, doesn't mean it's right.
In no other industry have the vendors convinced everyone that product quality information should remain secret
Replying to @daveaitel @x0rz and
And then somehow managed to get customers to help fight for less information for consumers... for their own protection. It's really a work of art.
Replying to @taviso @daveaitel and
Tavis and Dave, who is advocating for keeping vulnerabilities a secret? My point is that vendors should hear about vulnerabilities from researchers, not the media. It's a researcher's right to socialize the vulnerability at some point, but give the vendor a chance to fix it.
Replying to @bryanriddlespic @daveaitel and
Oh okay, so kinda like the trolley problem. You could warn everyone on the tracks that a trolley is coming, but that would be rude to the $35B trolley corporation... got it. Not sure I would call that responsible.
Replying to @taviso @bryanriddlespic and
Vulnerabilities don’t really impact business though, they impact the end users getting pwned. Have you seen people running away from Adobe Reader despite years and years of disclosure?
I don't understand what you're trying to say. I think market pressure created things like pdfium and PDF.js, more secure options that people desperately wanted? As far as I know, Adobe Reader usage continues to fall.
Replying to @taviso
Although I'd add that the extras added to Adobe and the fact that people pirating Photoshop never could install the auto-updater were also great deterrents...