Thank you for your kind comment. I recommend you watch the actual talk, and then understand what exploiting RCEs in things like the Linux kernel at such a scale that defenders can no longer keep up with actually means. The latter is their claim, not mine.
Also realize that, unlike a security researcher, an attacker doesn't necessarily need to review the model output carefully to filter out the slop before a bug submission. They mostly just need to run the shit.
[flagged]
Is your pitch that the reports are slop? Or that they’re so dangerous it’s morally indefensible to share the research?
More like, if you pay a fee to use a service, you can find the bombs already hidden somewhere in your premises.
And? They didn't put the bombs on your premises. Before "the service", you had bombs you didn't know about; after, you get to know about them.