I make this point a lot also - to folks feeling overwhelmed - keeping the pace with info overload is new. It's a very interesting challenge. :)
On Mon, Dec 4, 2017 at 3:08 PM, Dave Aitel <[email protected]> wrote: > So for a while it was like being on a treadmill trying to keep up with > the security communities technical advances. These days, it's like being a > guy on a skateboard while several fireman shoot you with firehoses from > different directions. Even staying current on one platform seems impossible > for super-experts. > > I say this, because I noted someone pointing out that the DirtyCow patch > maybe didn't work, and maybe didn't work in an exploitable way. Look, I'll > be honest, I didn't even have time to read the analysis yet, and when I'm > doing dishes even I've got the phone propped up so I can watch whatever > videos HITB released that week. But nobody can keep up. Which is a somewhat > new phenomenon really. > > I saw people on the Steptoe podcast pointing at this: > https://www.recordedfuture.com/chinese-vulnerability-reporting/ report > which "shows" that the Chinese have their own version of the VEP, as for > some bugs they were demonstrably a lot later than for every other bug. > > Here's my point as it relates to policy wonks and the VEP: Nobody has the > number of vulnerability researches on hand who could tell them that THEIR > version of DirtyCow was or was not properly patched by the publicly > reported patch/vuln. The workload for knowing if any two bugs are the same > bug or if any patch actually worked is so much higher than is publicly > discussed. I mean, half of twitter is just Steffan Esser pointing and > laughing at Apple's security engineers these days. > > -dave > > > > _______________________________________________ > Dailydave mailing list > [email protected] > https://lists.immunityinc.com/mailman/listinfo/dailydave > > -- Thanks, Dr. Jared DeMott Founder, VDA Labs www.vdalabs.com
_______________________________________________ Dailydave mailing list [email protected] https://lists.immunityinc.com/mailman/listinfo/dailydave
