@taviso

The benefit to security of any disclosure policy tends to be inversely proportional to how loudly vendors cheer for it 🤣

MalwareTech
@MalwareTechBlog
Jan 7

Hard to see the logic in rewarding vendors for patching bugs quickly by publishing them quicker.

Markus Vervier
@marver
Jan 7

Bugs are patched for users, not vendors. So as soon as a patch is available, they should know about it.

evan j
@ejcx_
Jan 7

I think the new policies make a lot more sense for vendors of cloud software. The policies before were great for client software. Maybe now it's worse for client software. I believe there should be two policies tbh

Tavis Ormandy
@taviso
Jan 7

What difference does it make for cloud software? Patch adoption there is effectively perfect, so doesn't seem like an issue, perhaps I'm missing the point.

daveaitel
@daveaitel
Jan 7

Is Tavis going to talk at INFILTRATE? [y/n] <---today's high school note passing. :)

Tavis Ormandy
@taviso
Jan 7

Haha, I'll think about it 😛

Nitesh Surana
@ideaengine007
Jan 7

This is a loud one xD

Non-deterministic thoughts
@code_injected
Jan 7

TRUTH

rob rodgers
@knaversr
Jan 7

100% this

Sweets 🌀
@Th3Mort
Jan 7

Well until someone comes along with a wiper worm, most vendors only see bad PR