Nostr Web Client

The disclosure timeline on this post is just not acceptable by Microsoft.

I made this plea on Twitter a while ago - security researchers, please include full timelines like this in disclosures. This one isn’t isolated. The more this kind of thing comes out in public, the more it forces cloud providers to properly resource security fixes.

https://www.tenable.com/security/research/tra-2023-25

Kevin Beaumont 2y ago

One thing I’ve noticed is Mandiant now assign their own CVE like numbers to cloud provider vulnerabilities like this.

There really needs to be a properly, commonly agreed up system like CVE for this (not run by Google). I know there’s attempts at this, I hope they take off.

The illusion the cloud is magically secure is just that; an illusion. At the minute cloud providers are hiding behind lack of regulation, lack of transparency & deliberate subterfuge to protect shareholders. It’s not great.

Reply to this note

Please Login to reply.

Discussion

Rachel Rawlings 2y ago

nostr:npub17lgy0rj5a2nwpnyc4hup6ufpfz7wz6dzcgd3crm6fm2yd34dcz0qlk9uux I thought the CVE numbering system was already a project of MITRE and NIST.