هیچی برگر [﷼]
前往频道在 Telegram
shit/schizo posting
显示更多未指定国家未指定类别
218
订阅者
无数据24 小时
-17 天
+130 天
帖子存档
> be microslop
> coordinate “responsible disclosure” program that’s just an AI slop
> researchers submit valid RCE, gets auto closed as “duplicate” or “by design”
> *after 4 months of silence*
> nightmare eclipse drops, entire windows ecosystem gets cooked
> researchers who warned you go public with the 0days you ignored
> ban them from GitHub, and Gitlab revoke accounts, nuke repos
> write a 3000 word blog post about “researcher ethics” and “community safety”
> call it “coordinated vulnerability disclosure best practices”
> no mention of the 47 ignored MSRC submissions that preceded the incident
> start quietly emailing BlackHat / DEFCON speakers asking them to “adjust their content”
> framing it as “collaboration” while legal CC’d on every email
> speakers told certain CVE details “may create legal exposure”
> next steps: CFAA threats like it’s 2013 and Aaron Swartz
> possibly Nintendo tier C&D letters to independent vuln researchers
> all this instead of just… triaging your tickets properly
> a trillion dollar company
cannot run a bug bounty without becoming the villain in a hacker movie
> absolute state of MSRC
MSRC is now contacting black hat speakers asking if their talk will disclose any MSRC case or cve lmao what even https://infosec.exchange/@adamshostack/116690106564281011
