Blaze (he/him)

  • 81 Posts
  • 1.09K Comments
Joined 2 years ago
Cake day: August 9th, 2023


  • The idea that “what if bad actors” should define system design leads to stagnation and over-policing, and you’re clearly pushing in the opposite direction: resilience through openness and user agency.

    I’m not sure. CSAM attacks happened in the past; it was good to have admins and mods jumping in to block those. In your system a high number of users have to see this type of content for it to be removed.

  • I usually agree with you, but here @troed@fedia.io is right.

    Full disclosure

    With the full disclosure approach, the full details of the vulnerability are made public as soon as they are identified. This means that the full details (sometimes including exploit code) are available to attackers, often before a patch is available. The full disclosure approach is primarily used in response to organizations ignoring reported vulnerabilities, in order to put pressure on them to develop and publish a fix.

    This makes the full disclosure approach very controversial, and it is seen as irresponsible by many people. Generally it should only be considered as a last resort, when all other methods have failed, or when exploit code is already publicly available.

    Responsible or Coordinated Disclosure

    Responsible disclosure attempts to find a reasonable middle ground between these two approaches. With responsible disclosure, the initial report is made privately, but with the full details being published once a patch has been made available (sometimes with a delay to allow more time for the patches to be installed).

    https://cheatsheetseries.owasp.org/cheatsheets/Vulnerability_Disclosure_Cheat_Sheet.html#full-disclosure