Whether it's reasonable is debatable, but that type of time frame is pretty normal for things that aren't being actively exploited.
This situation is perhaps a little different, as it's not an accidental bug waiting to be discovered but an intentionally placed exploit. We know that a malicious person already knows about it.
Detecting a security issue is one thing. Detecting a malicious payload is something completely different. The latter has intent to exploit and must be addressed immediately. The former has at least some chance of no one knowing about it.