p0 has a disclosure policy. If vendors choose not to release patches the only way to push it further is to release.
help me understand .. to push the vendor to fix (to your rules) u put thousands of users at (this time real) risk? really?!?
Replying to @kernelbof @taviso
they are already at risk. The vendors wrote the bugs. What else is there to do when vendors don't feel like fixing?
no they are not before the kill, ~99% of killed bugs are not in the wild, most of the people got owned with shit killed...
Replying to @kernelbof @taviso
so effectively you are saying we shouldn't release bugs or even patches (b/c they show where bugs are) b/c ppl get owned?
i'm just saying that killing bugs in this way just makes more people unsafe, not less
Replying to @kernelbof @taviso
*Maybe* in the short term but not in the long. Killing bugs like this is a big reason MS got deep into security...
maybe back in the days... nowadays ain't think so. Wanna kill bug for fame/ego? ok nice, but pretending to make people safer?
Replying to @kernelbof @msolnik
Hey, one thing I've learned is in vuln research you can't make everyone happy. Everyone has a different idea what's best
i never meant to change your mind sir, but i'm sure you know that spreading bug kills has nothing to do with users' safety
I think we'll have to agree to disagree on this one!