I'm not sure how to explain this intuition, but clearly [email protected] is pretty owned. It's a high priority target that is by definition poorly defended. So when people submit bugs to Microsoft or Adobe or really any commercial company, they are sending a signal to various APTs which may or may not act on that signal, depending on their particular OPSEC guidelines.
Obviously in some cases this is institutionalized - Governments (and not just "friendly" ones) can and do ask for a heads up on various vulnerability pipelines. So on one hand, if you're doing statistical analysis you will say "There is a huge overlap in the kinds of bugs we are finding and the kinds of bugs our adversary has! We are making a difference!" And on the other hand, maybe they are reading your mail, and killing the ones you happen to find, like a farmer culling the herd of a sick sheep.
_______________________________________________ Dailydave mailing list [email protected] https://lists.immunityinc.com/mailman/listinfo/dailydave
