FireEye is the only major vendor who has helped and responded positively to vulnerability reports, kudos to them.
-
-
-
If you consider "a patch asap" as a "positive response", then (the threat of) full-disclosure has a very good track record. :)
End of conversation
New conversation -
-
-
cisco ios vr is also free, all features lit (pay to unlock the data transit rate limit)
-
The problem isn't money, Google can afford to buy test equipment. The problem is vendor roadblocks for researchers.
- 2 more replies
New conversation -
-
-
If I had more power in the corporate machine I'd try to arrange something. Have you had a stab at ClamAV/Snort since most run it?
-
I seem to remember
@taviso (accidentally?) dropping a 0-day in one of the .so rules a few years back. - 1 more reply
New conversation -
-
-
@oscaron Let me get this straight you want me to give you hardware so you can prove how bad our code is? I will get right on that…. -
@revskills@taviso for every tavis, there are 4 nations and 6 companies willing to buy it, find bugs, and not report - 3 more replies
New conversation -
-
-
blacklisting you is such a fail, I would encourage you to share names of entities that do it
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Vendors who blacklist researchers should find themselves left out of "responsible disclosure".
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.