I don't want to come off as some Google fanboi or anything, and I don't always agree with P0's methods, but Google's business model pretty much starts and ends with people using the internet (and not just Google's own services). Making (or appearing to make, whatever your opinion is) the internet safer by finding and getting bugs fixed seems like a pretty good start in that regard.

Andreas

On 07/31/2015 06:52 PM, Michal Zalewski wrote:
>> I went back a couple days ago and re-read the latest Qualys
>> exploit, as you should: http://seclists.org/oss-sec/2015/q3/185 .
>
> Interestingly, history sorta repeats itself:
> https://lwn.net/Articles/6137/
>
> Now... while I generally agree with you that some of the
> most-publicized work is usually just a distraction and that it
> gets picked up by the press based primarily on how much effort is
> put into marketing the research and whether it superficially
> touches one of the "cool" topics (IoT, mobile, privacy), this one
> snippet caught my eye:
>
>> [...rant about P0...] Why would you have all your best hackers
>> working on random external companies and not securing the stuff
>> you deliver to customers and depend on for your business? Where's
>> all the hard core XSS work against Inbox.google.com that needs to
>> be publicized?
>
> While folks tend to have strong opinions about P0 and I don't
> really want to change yours, this bit seems a bit harsh. The vast
> majority of our security folks are indeed working on other things,
> including some really phenomenal work on systemic XSS mitigations
> (or multiple containment layers for AppEngine, so that breaking one
> is not a game-ending situation). P0 is a comparatively small
> effort, given the overall size of our security team, and it caters
> specifically to people who don't want to do anything but vuln
> research, full-time.
>
> Heck, I like breaking stuff and I'm not on P0.
>
> /mz
> _______________________________________________
> Dailydave mailing list
> [email protected]
> https://lists.immunityinc.com/mailman/listinfo/dailydave
