Post · bonfire.mavnn.eu

Post

Jamey Sharp

@[email protected] · 5 hours ago

@halcy @yosh Absolutely. Nuance and tempered expectations seem appropriate to me, as usual

yosh

@[email protected] · 5 hours ago

@jamey @halcy

I guess I'm probably more pessimistic about this than both of you. Maintainers aren't always responsive, releases take time to prepare, patches aren't evenly propagated, and even when all fixes are applied companies often wait to update - if at all.

Anyone with a credit card will soon be able to order the exploit vending machine. Projects and orgs that have their shit together will be alright. Many however will not.

Michael Newton

@mavnn · 5 hours ago

@[email protected] @[email protected] @[email protected] Not to be too dark, but hasn't this been true for a while? I'm sure I could find places on the net to buy (or pay people to find) exploits already, and probably roughly as fast. There are a lot of projects/servers or there with less than stellar security, after all. It almost feels like the bigger change is how much it is now public knowledge you can pay for exploits, rather than whether or not you could already.

bonfire.mavnn.eu

News and community around mavnn.eu projects.

bonfire.mavnn.eu: About · Code of conduct · Privacy ·

Bonfire social · 1.0.2 no JS en

Automatic federation enabled