How much money google pays taviso is irrelevant. Fact is he does not get paid by vendor X and their users. They get his work for free.
-
-
I really don't want to argue, but that's a silly point. Google pays him real money to find bugs in other vendors' code. It's not charity.
3 replies 0 retweets 6 likes -
Replying to @matthew_d_green @manicode and
No it is not a silly point. The point is that parties not paying anything but getting stuff for free feel entitled to dictate the terms.
2 replies 0 retweets 9 likes -
If Tavis wrote malware based on his exploits and released into the wild, would vendor gratitude also be required?
3 replies 0 retweets 2 likes -
Replying to @matthew_d_green @i0n1c and
The point here is that I *think* Tavis's tweets are harmless, but I'd be curious to know if that can be argued empirically.
2 replies 0 retweets 3 likes -
Replying to @matthew_d_green @i0n1c and
And if that question were, hypothetically, answered in a way that shows the tweets are harmful: when do vendors have a right to be upset?
2 replies 0 retweets 3 likes -
Replying to @matthew_d_green @manicode and
I don't think vendors have EVER the right to be upset when someone discloses vulnerabilities to them. After all it only helps them.
1 reply 2 retweets 2 likes -
Even if the disclosure comes in the form of in-the-wild malware? I realize that's a strawman -- trying to understand your position here.
1 reply 0 retweets 1 like -
Replying to @matthew_d_green @manicode and
Well what is malware? If a POC exploit counts as malware then yes
1 reply 0 retweets 1 like -
Ok, so your position is that Tavis could have publicly tweeted a PoC exploit for an unpatched wormable RCE and it would have been fine?
3 replies 0 retweets 0 likes
The term "malware" means "malicious software", you can't be asking if malice is acceptable?
-
-
No, I was proposing the worst possible form of disclosure I could think up.
1 reply 0 retweets 2 likes -
This Tweet is unavailable.
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.