by Javantea_
4050 days ago
Thank you for your critical comments. I find that when I keep my opinions to myself, people assume something very different from what I am thinking. I have become more outspoken recently as I have found that people are more willing to listen to and argue things that they disagree with if they trust the person saying it (yourself perhaps?). The audience of this document was the TA3M Seattle group, which is very different from the average tech audience. It was a mix of people who are programmers and people who are not. I tried to put the subject area into both areas. If I was speaking to a tech audience, I would have made the paper more like this: https://www.altsci.com/ipsec/ipsec-tools-sa.html and simply described the problem of software security prediction instead of trying to give people actionable advice and the reason why. So this document attempts to give people 0-day and the motivations behind naming software as unmaintained. I think that most people don't understand how many hours I spent trying to report my findings (~20 hours) when finding the vulnerability took just 3-4 hours. If we want secure software, we need to remove IPsec-tools and similarly unmaintained software from the open source ecosystem so that we don't spend 20 hours trying to contact them every time we find a vulnerability.