ryukoposting 2 hours ago

I'm no expert on any of these programs, but that's kinda the problem, isn't it? No single person is an expert on every codebase supposedly exploited in this repo. After a bit of research, the Firefox one seems plausible to me. But I haven't actually tried the POC. The explanation about the private-data and untrusted-input flags is plausible, but I'm not an expert on Firefox's internals; maybe that's not actually how it works. This just sucks, all around. Are we going to need every open source project gawking at the same repo full of stuff that has nothing to do with them, on the off chance that someone discloses a vuln that does have to do with them? Is this some kind of performative complaint about high friction in responsible disclosure? Well, great job, dickhead, you've just made a system that's even worse. Nobody benefits from this. Yuck yuck yuck.
trinari 2 hours ago

I actually prefer them being public than in some governments' or corporations' toolbox.
DANmode an hour ago

> Nobody benefits from this

Disclosures always enable more secure software to theoretically exist, even if nobody follows through creating it. They often do.