I sincerely doubt you could find anyone at Microsoft, Google, Apple, Mozilla, anywhere that will say "we don't like getting bug reports". Do you argue that they're lying, and secretly think they're mean?
-
-
Replying to @taviso @cnoanalysis and
That’s not what I said, at all. You don’t have to be resentful about getting vulnerability reports to want to outdo other teams performance.
2 replies 0 retweets 7 likes -
Replying to @hacks4pancakes @cnoanalysis and
I guess I don't understand what you're saying, you said there is a worrying rivalry, but as far as I know we all want the same thing. We help Microsoft, Microsoft helps us, we're all on the same side?
2 replies 0 retweets 7 likes -
Replying to @taviso @cnoanalysis and
I’m saying: That’s great, as long as your analysts are staying civil and not unintentionally trying to outdo one another at the expense of research into other products. From the outside it looks like you’re gradually getting more competitive.
1 reply 0 retweets 7 likes -
Replying to @hacks4pancakes @cnoanalysis and
What does "competitive" mean in this context, you mean trying to make the safest products? I guess, I'm trying to understand what is "worrying", I'd be excited if we both keep upping our game?
2 replies 0 retweets 4 likes -
Replying to @taviso @cnoanalysis and
Every org has only so many vulnerability researchers on staff, and only so many hours to dedicate towards research. I hope Microsoft’s team is expending a sensible effort analyzing critical stuff in their own products this week, and not turning too much attention to Google.
2 replies 0 retweets 9 likes -
Replying to @hacks4pancakes @taviso and
MS and Google security people: "Isn't it awesome we're making each other's products more secure!" MS and Google senior execs: "Uh... yes. That's totally our only goal supporting this research, too. Of course. Totally. Great stuff."
1 reply 0 retweets 2 likes -
Replying to @arekfurt @hacks4pancakes and
How much mental gymnastics do you have to do to see sinister motives behind making something safer? Like, what is the senior exec's motivation in your conspiracy theory, explain it to me?
3 replies 0 retweets 1 like -
Replying to @taviso @hacks4pancakes and
I was being 60% facetious. But if strong security really is a factor that products compete on is it really a huge stretch to think that if a competitor's offering has exploitable vulns disclosed more often than one's own your cos. leaders won't be heartbroken about that fact?
3 replies 0 retweets 1 like -
Replying to @arekfurt @hacks4pancakes and
If that were true, then why do Microsoft and Google both disclose vulnerabilities they find *internally*? e.g. https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-0801 …
1 reply 0 retweets 0 likes
Here's another one, in fact, @n_joly is prolific. https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-0793 …
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.