.@Google STOP using public vuln disclosure to bully people into your arbitrary policy when there is no need - this isn't responsible, it's unethical STOP HURTING US #infosec #Vulnerability cc @k8em0 @hacks4pancakes
@taviso @phillip_misner @jepayneMSFT https://www.theverge.com/2018/2/19/17027138/google-microsoft-edge-security-flaw-disclosure … pic.twitter.com/NyzADaiChe
It’s merely human nature that friendly competition between big players’ analysts may unintentionally draw attention away from other products.
I sincerely doubt you could find anyone at Microsoft, Google, Apple, Mozilla, anywhere that will say "we don't like getting bug reports". Do you argue that they're lying, and secretly think they're mean?
@taviso that's a strawman fallacy - we're discussing irresponsible disclosure, not vulnerability research
I am impressed how quickly “informing the public about the true security properties of their systems so they can make informed risk decisions, after giving a vendor reasonable time to prepare a reasonable response” is labeled ‘irresponsible’.
@Google has weaponized public #vulnerability disclosure to force adherence to their arbitrary policy regardless of consequences - moral absolutism at its most detestable #infosec #Cybersecurity
Is your proposal to lengthen the time to disclosure, never disclose unless a patch is already created and deployed for a specific period of time or don't have these companies look for vulnerabilities?