by fulafel
1538 days ago
Are you referring to the existence of the exploit they say they sent to the Spring team? I think in general it's a bad social standard that people get asked for proof by exploit about disclosed vulnerabilities. At most it should be a tool to convince the vendor if they're not competent enough to see the exploitability right away. In many cases developing it is more work than finding the hole, you're just doing work toward faster weaponisation by bad guys, and it distracts from vulnerability research.