← Back to context Comment by bawolff 19 hours ago Its not the reporter's fault that other people broke the embargo. 6 comments bawolff Reply progval 19 hours ago They don't have to publish a working exploit as soon as the embargo is broken, though. throw0101c 18 hours ago Perhaps, but if the exploit code is published folks can double-check that they implemented the mitigations properly.If there's no PoC, how can you really be sure? john_strinlai 19 hours ago anyone who will use the exploit maliciously will immediately and trivially be able to create a working exploit. j16sdiz 2 hours ago The third party posted an exploit. staticassertion 13 hours ago An exploit was already published. mike_d 19 hours ago Why not? There has already been a working exploit floating around, at least now it comes from an authoritative source.
progval 19 hours ago They don't have to publish a working exploit as soon as the embargo is broken, though. throw0101c 18 hours ago Perhaps, but if the exploit code is published folks can double-check that they implemented the mitigations properly.If there's no PoC, how can you really be sure? john_strinlai 19 hours ago anyone who will use the exploit maliciously will immediately and trivially be able to create a working exploit. j16sdiz 2 hours ago The third party posted an exploit. staticassertion 13 hours ago An exploit was already published. mike_d 19 hours ago Why not? There has already been a working exploit floating around, at least now it comes from an authoritative source.
throw0101c 18 hours ago Perhaps, but if the exploit code is published folks can double-check that they implemented the mitigations properly.If there's no PoC, how can you really be sure?
john_strinlai 19 hours ago anyone who will use the exploit maliciously will immediately and trivially be able to create a working exploit.
mike_d 19 hours ago Why not? There has already been a working exploit floating around, at least now it comes from an authoritative source.
They don't have to publish a working exploit as soon as the embargo is broken, though.
Perhaps, but if the exploit code is published folks can double-check that they implemented the mitigations properly.
If there's no PoC, how can you really be sure?
anyone who will use the exploit maliciously will immediately and trivially be able to create a working exploit.
The third party posted an exploit.
An exploit was already published.
Why not? There has already been a working exploit floating around, at least now it comes from an authoritative source.