Hacker News
by jrochkind1 1927 days ago
"tone policing"? What do you think that phrase means? Who was talking about "tone"?

Do you believe in "responsible disclosure" [1] of security vulnerabilities? How does your stated philosophy apply or not apply to ethics around disclosure of discovered software security vulnerabilities? Is that different?

[1] https://cheatsheetseries.owasp.org/cheatsheets/Vulnerability...


Technically, the poster you replied to could be said to have been tone policing with the assertion of releasing a deliberately "provocative" abstract.

I mean, I get it, it's not the most straightforward mental leap, but I can understand the sentiment.

And as far as responsible disclosure goes, no, the responsible thing to do is to notify everyone at once. Keep in mind if it is right, this means that nation state actors have just been equipped with a roadmap to potentially cracking a lot of banked ciphertext, probably faster than anyone else.

You don't sit on that kind of thing, even if it does mean some corporate actors get burned.

If the only thing saving your rear was an RSA key... Take notice: the clock may have just been significantly advanced. Be you nation-state, corp, or someone who'd just prefer to remain in the shadows.

Suffer thee not information asymmetry to live lest you carry the blood of those you sacrifice on the altar of your limited disclosure. It also hedges against you getting disappeared and suppressing whatever other people you shared it with that remain to keep something so relied upon from being realistically entertained.

I mean, c'mon, how long has everyone been joking they'd hate to be the person who discovered how to break RSA, because we all know it would lead t
