I've not been sued or charged, yet. I'm sitting on two widespread critical infrastructure vulns because of the shoot-first mentality. The scale of it is such that there's no way to get hold of everyone to ensure things are fixed. No gov help in doing the right thing. https://twitter.com/zackwhittaker/status/965573990415814656 …
-
Replying to @ihackedwhat
I wonder if there's a space for a non profit hacker middle man org that does nothing but anonymize high risk vuln reports like this
-
Replying to @MisterGlass @ihackedwhat
I'm listening. How would such a non-profit pay bills & salaries?
-
Replying to @vmyths @ihackedwhat
I don't think it would end up being a full time job (though I could be wrong). I thought of a non-profit because hopefully you could set up the org as a legal shield for those who are its face, though honestly IANAL.
-
Thinking about this more, the problem these days seems to rarely be reporting to the company with a vuln, but what happens if the org ignores you.
-
Replying to @MisterGlass @ihackedwhat
Google has paved inroads for this. Which isn't exactly saying much. And they can afford any SLAPP suits.
-
You are describing @certcc. It has been around 30 years. Run by CMU. I believe it’s grant funded and also contracts with US CERT. Will honor your anonymity and broker comms. I’ve used them to report vulns. https://www.cert.org/
-
What do you mean "they don't do Canada"? We cover software that's used on Earth, which probably includes Canada as well.
-
Replying to @wdormann @ihackedwhat and
RenderMan - hope you've followed up with Will or other CERT peeps. They have connections and infrastructure and can scale.