3 comments:
Hey Adam,
Is there an email address I can contact you at?
I am involved in doing vulnerability trends research but also have a team that works on a vulnerability database. There are a couple of points in your article I'd like to discuss with yourself and Google.
Adam,
You highlight some good points. In addition to transparency, I would like to suggest that compilers create a sort of feedback loop with customers with whom they are sharing the reports. The lack of a feedback loop or a channel to further probe into the vulnerability leaves the customers to decipher the report on their own without having an intimate knowledge of the product design or how the report was compiled.
Thanks,
Saqib
David,
You can contact the Google Security Team at security@google.com.
All best,
Jay
Google Communications