On Sun, Sep 6, 2015 at 3:51 PM, Georgi Guninski <guninski@guninski.com> wrote:
> On Sat, Sep 05, 2015 at 03:48:48PM +0000, Alfonso De Gregorio wrote:
>> .... I ask vulnerability sellers: How effective your favorite exploit acquisition platform / program is at preventing this from happening again?
>
> You mean something like the dear nsa: http://www.theregister.co.uk/2015/09/04/nsa_explains_handling_zerodays/
>
> Mind-blowing secrets of NSA's security exploit stockpile revealed at last
> Incredible document has to be seen to be believed

It made me reconsider the true meaning of [XXXXXXXXXXX] to read about [XXXXXXXXXXX] and, especially, [XXXXXXXXXXX].

More seriously: After years of fierce debate, vulnerability disclosure is still looking for a convincing answer. The NSA may contribute its substantial share to discussion --- albeit less to the practice --- of vulnerability disclosure. Needless to say, it would have been more helpful to read a less heavily redacted 'Vulnerabilities Equities Policy and Process' to this end.

On September 29, NTIA will convene a meeting on this topic. For those considering attending it: http://www.ntia.doc.gov/september-29-multistakeholder-meeting-vulnerability-...

Will we never stop drinking from the (endless?) stream of exploitable vulnerabilities?

-- Alfonso