As a community we’ve let some security vendors take the piss, especially when it comes to next gen endpoint solutions. Some have been locking out research by their own industry for years via NDAs, DMCA abuse and legal threats. We should call it out. Make better products.
It’s not all vendors. My experience with Sophos is both their engineers and seniors reached out and they improved their product (e.g. InterceptX ran on EternalPot and piloted their DoublePulsar detection); also Microsoft super receptive (and put attacks on their product on stage). pic.twitter.com/sUZDGfYtaY
Replying to @someinfosecguy
Here’s the thing, I’ve been really critical of Sophos detection over the years on here, but they engaged behind the scenes and made the product better. It really concerns me there’s vendors making people sign NDAs to even use products and actively suppressing research.
Years ago I had to argue with them that the ActiveX buffer overflow I found was indeed a security issue. Their rationale: the awful PoC I gave them didn't pop calc.exe. It just crashed IE.