Twitter | Pretraživanje | |
Tim Willis
At Google Project Zero, the team spends a *lot* of time discussing and evaluating vulnerability disclosure policies and their consequences. It's a complex and controversial topic! Here's P0's policy changes for 2020 (with our rationale for the changes):
Reply Retweet Označi sa "sviđa mi se" More
Dan Gorman 7. sij
Odgovor korisniku/ci @itswillis @benhawkes
(read the review yourself!) Faster patch development and less vendor confusion on disclosure via standardized time-line, still no mention if P0 users own pets (or tamagatchis) in annual review. Still amazing folks and I appreciate their work :)
Reply Retweet Označi sa "sviđa mi se"
HackingPheasant 7. sij
Odgovor korisniku/ci @itswillis
Seems like some good changes!
Reply Retweet Označi sa "sviđa mi se"
Erik Gomez 8. sij
Odgovor korisniku/ci @itswillis
If a patch is released in 20 days, but the vendor chooses to offer details in the release notes, customers may not patch. An assumption is being made in that customers deploy all patches and then find out later they aren't vulnerable. I don't think it's the right premise.
Reply Retweet Označi sa "sviđa mi se"
mugundhan 8. sij
Odgovor korisniku/ci @itswillis @gynvael
I don't know why many ppl, don't noticed this. 👍
Reply Retweet Označi sa "sviđa mi se"
eric doerr 9. sij
Odgovor korisniku/ci @itswillis
I appreciate the transparency on approach, and the multi year partnership your team had provided. Thanks for all you do Tim and the rest of GPZ!
Reply Retweet Označi sa "sviđa mi se"