It’s a way for auditors and customers to verify as well. And the general public, if you consider them to be auditors.
Yes, you understand correctly. Who else can exploit the example I gave other than the vendor?
-
-
Ah. But that’s a capability that degrades rapidly. And if every latest version is riddled with new bugs, eventually you’ll ring people’s alarms.
-
So if the second Tuesday of every month, Microsoft published dozens of new bugs, people might stop using Windows?
- 23 more replies
New conversation -
-
-
An on-path network attacker who has a cert for the domain?
-
I can sit here and make up bugs if you like, the strcpy() only happens after the embedded signature check.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
