Dailydave mailing list archives
Re: The old speak: Wassenaar, Google, and why Spender is right
From: Michal Zalewski <lcamtuf () coredump cx>
Date: Tue, 4 Aug 2015 08:42:10 -0700
Now, of course, it's hard to truly quantify such opinions, and if you think otherwise, I think it's quite fine to disagree :-)
To be perfectly clear, I actually strongly agree that indiviual bugs don't deserve PR releases, media packets, and flashy conference presentations. All that is just a product of human nature and a couple of twisted incentives. At the same time, I don't subscribe to the absolutist view that vulnerabilities don't matter, chiefly because I see ample evidence of such findings making developers more interested in security and improving their code - an because they keep us honest when we invent new ways to make software more secure. On balance, I do think that systemic improvements (design practices, sandboxing, mitigations) are more important where feasible, but I see a strong link between the two facets of security research. I'm always surprised when people speak in absolutes - be it when Bes or you get dismissive or vulns and vuln disclosure, or when researchers make a big deal out of individual findings and see themselves as kings of the world. /mz _______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
Current thread:
- The old speak: Wassenaar, Google, and why Spender is right Bas Alberts (Aug 01)
- Re: The old speak: Wassenaar, Google, and why Spender is right Michal Zalewski (Aug 02)
- Message not available
- Re: The old speak: Wassenaar, Google, and why Spender is right Michal Zalewski (Aug 05)
- Re: The old speak: Wassenaar, Google, and why Spender is right Michal Zalewski (Aug 05)
- Message not available
- Re: The old speak: Wassenaar, Google, and why Spender is right Michal Zalewski (Aug 02)