هیچی برگر [﷼]
Ir al canal en Telegram
shit/schizo posting
Mostrar másEl país no está especificadoLa categoría no está especificada
218
Suscriptores
Sin datos24 horas
-17 días
+130 días
Archivo de publicaciones
> be microslop
> coordinate “responsible disclosure” program that’s just an AI slop
> researchers submit valid RCE, gets auto closed as “duplicate” or “by design”
> *after 4 months of silence*
> nightmare eclipse drops, entire windows ecosystem gets cooked
> researchers who warned you go public with the 0days you ignored
> ban them from GitHub, and Gitlab revoke accounts, nuke repos
> write a 3000 word blog post about “researcher ethics” and “community safety”
> call it “coordinated vulnerability disclosure best practices”
> no mention of the 47 ignored MSRC submissions that preceded the incident
> start quietly emailing BlackHat / DEFCON speakers asking them to “adjust their content”
> framing it as “collaboration” while legal CC’d on every email
> speakers told certain CVE details “may create legal exposure”
> next steps: CFAA threats like it’s 2013 and Aaron Swartz
> possibly Nintendo tier C&D letters to independent vuln researchers
> all this instead of just… triaging your tickets properly
> a trillion dollar company
cannot run a bug bounty without becoming the villain in a hacker movie
> absolute state of MSRC
MSRC is now contacting black hat speakers asking if their talk will disclose any MSRC case or cve lmao what even https://infosec.exchange/@adamshostack/116690106564281011
