TechPulseTechPulse
Back to News
Advertisement
Advertisement

⚡ Community Insights

Discussion Sentiment

33% Positive

Analyzed from 156 words in the discussion.

Trending Topics

#vulnerability#software#seems#disclosure#kidding#something#https#org#fix#deep

Discussion (5 Comments)Read Original on HackerNews

bombcar•about 2 hours ago
This is the classic response of a troll.
kstrauser•about 2 hours ago
> and it seems that experimenting with odd vulnerability disclosure schemes is frowned upon.

Good grief, you weren't kidding.

No kidding, my guy. We've spent a few decades coming to a rough consensus on the right way to report findings. No one's likely to have patience for trying something totally different where they don't have standardized playbooks to follow.

homebrewer•about 3 hours ago
Previously:

https://news.ycombinator.com/item?id=47941590

aaronbrethorst•about 2 hours ago
Tangential: the favicon for dustri.org is from a really delightful (and hilariously dark) children's book called "I Want My Hat Back" https://en.wikipedia.org/wiki/I_Want_My_Hat_Back
bmandale•about 2 hours ago
Missed the original. That seems like a reasonable way to highlight software that you believe is fundamentally insecure. Obviously you can't be on the hook to fix deep architectural issues yourself, but just submitting a single PR will be treated as "problem solved". Since most of any software contains some vulnerability, just saying "this software has an RCE" isn't actually a disclosure at all. The real issue is that the given vulnerability was (supposedly) easy to find, which if true is not something that will be fixed by targeting just that exploit chain, and needs deep changes to fix.