Dailydave mailing list archives
The uncomfortable whitehat truth
From: Dave Aitel <dave.aitel () gmail com>
Date: Mon, 19 Oct 2015 13:00:51 +0000
I'm not sure how to explain this intuition, but clearly security () everything com is pretty owned. It's a high priority target that is by definition poorly defended.

So when people submit bugs to Microsoft or Adobe or really any commercial company, they are sending a signal to various APTs which may or may not act on that signal, depending on their particular OPSEC guidelines. Obviously in some cases this is institutionalized - Governments (and not just "friendly" ones) can and do ask for a heads up on various vulnerability pipelines.

So on one hand, if you're doing statistical analysis you will say "There is a huge overlap in the kinds of bugs we are finding and the kinds of bugs our adversary has! We are making a difference!"

And on the other hand, maybe they are reading your mail, and killing the ones you happen to find, like a farmer culling the herd of a sick sheep.

[image: Screenshot 2015-10-19 at 08.49.33.png]