|
|
|
|
|
|
by GoldenGate67
51 days ago
|
|
|
Whoa, what the heck!? When I read the site yesterday, I wondered why they disclosed such a critical but (root access on any shell!!!) without waiting a long while for vulnerable systems to be updated. it’s abhorrent to see that they didn’t even wait for an update to release in the first place. |
|
|
Them not disclosing doesn't make you safer. The people that want to abuse this could be actively exploiting it shortly after the commit went live. Waiting more time before the blog / marketing release is NOT the help you think it will be.
This is a very, very, old debate in the security community, just read the rest of this thread and you'll see plenty of explanation as to why.