undefined | Better HN

0 pointscbr13y ago0 comments

    two exploits discovered, one sent to half the team,
    the other sent to the other half

That would only work with brazen leaking. If a security team member were selling 0-days to organizations that intended to make extremely limited and careful use of them, it might never become public that exploits were being leaked.

0 comments

ffk12y ago

I agree, I suspect the best way to be caught is for the malicious team member to tell someone who turns them in. Most likely it doesn't ever go noticed. Also, it's fortunate that the information received by the security teams typically has a relatively small window of opportunity to perform the exploit.

j / k navigate · click thread line to collapse

0 pointscbr13y ago0 comments

    two exploits discovered, one sent to half the team,
    the other sent to the other half

0 comments

ffk12y ago

j / k navigate · click thread line to collapse