Profile picture
halvarflake @halvarflake
, 15 tweets, 2 min read Read on Twitter
I will watch the Livecast about Software Vulnerability Disclosure, and I strongly suspect I will comment on it in this twitter stream.
alde.livecasts.eu/software-vulne…
Some recommendations will apparently be the output of today, but they seem to not be final yet(?)
First panel is interestingly composited - an Airbus CISO and a Microsoft Cybersecurity Policy person. The representative for civil society is missing - due to flue. A representative for security researchers is also missing, but wasn't on the agenda in the first place (?).
I am not sure if I would call the composition of the 2-person panel (dialogue?) balanced - but I will wait and see and give the benefit of the doubt.
Is there an easy way to figure out where which think tank gets it's funding from? It is hard to understand the battle lines / political influences for CEPS, stiftung-nv.de, and the other think tanks in the debate here.
Currently Lorenzo Pupillo surveys the various approaches to vulnerability disclosure. Somewhat focused on "on-paper processes", not necessarily on what happens in practice.
Pupillo calls for protection & incentives for security researchers, citing among other things the US hack the pentagon programme.
Unfortunately, the speaker's accent is so heavy that it is difficult to understand the actual recommendations :-/.
Are the actual recommendations available in writing for outsiders? I did not manage to understand them fully as they were presented.
The Microsoft guy argues that no vulnerability information should ever be made public without a patch being available.
Microsoft's lobbyist really hates disclosure.
I will self-censor somewhat now, but I don't think I could disagree more with the MSFT guy, and I do not see anybody on the panel that is capable to provide a counterpoint.
I am a big fan of @MarietjeSchaake 's question to the MSFT person, asking what the responsibilities of the software vendors are.
Good question by @blackswanburst on why disclosure dates are public, but not the dates of initial report to the vendor normally.
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to halvarflake
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @halvarflake see all

Profile picture
It is hard for me to interact with organizations that have broken processes at times. Todays episode: A bank I am a customer of. I am furious with them because their extremely broken processes produced an adverse outcome to me. The person I am interacting with is not ...
... directly at fault, so voicing my anger there won't help. But how to reach someone that is actually in a position to fix broken processes? Is there even such a person?
A well-run business has a way that customer complaints can actually lead to a proper 'postmortem' - what went wrong, and how can we fix ourselves so it does not go wrong again. This also implies that customer service needs to be empowered to fix processes, or at least have ...
Read 5 tweets
Profile picture
The following article is worth a read for people with an interest in economics: ergodicityeconomics.com/2017/08/14/wea… -- I strongly disagree with the low-interest-rate-speculation at the end of the article, and I think the authors get the causal relationship entirely wrong, but the ...
... intriguing parts of this article lie elsewhere: (1) The redistribution-coefficient in their simple model turned negative in the US in the early 80s. This would imply that the government is actively making inequality worse. (2) This starts making intuitive sense if one ...
.. examines the model assumption (where taxation is proportional to wealth, vs. the reality that it is mostly based on income).

This very simple model may be making a very strong theoretical point for taxing wealth, not income.
Read 3 tweets
Profile picture
The root cause of the pervasive insecurity in IT are not individual bugs. They are design decisions driven by organisationally and economically misaligned incentives. Thinking that the patching of a single bug matters misunderstands the reality.
Defenders don't try to fix individual bugs because the individual bug makes a big difference to the security of a system. The goal is always to drive structural improvement.
Attack surface reduction. Better isolation/sandboxing. Complexity reduction. Removal of legacy cruft.
Read 4 tweets

Related threads

Profile picture
@IanDunt We are. Problem is distribution. We just aren't getting traction with those who have platforms.

I was an assoc. prod on a pro-EU documentary. Critics who usually review our director's films said sorry, no can do & some cinemas declined to screen it for fear of Brexiter backlash.
@IanDunt Here's one of my own small efforts:
@IanDunt There's a slower version of 101 Reasons To #Stay on Youtube, for anyone who may be interested:
Read 17 tweets
Profile picture
💣Espionage💣

The servers at TT & Alfa Bank, Spectrum Health & Heartland PS, were communicating via DNS look ups, sharing packet data.

‘GOP, Trump & Rick Gates are reportedly directly implicated in espionage against the US 2016 primary/Pres elex via help from a foreign power.’
💣Espionage💣

Rick Gates, the indicted Trump campaign official and Manafort aide & GOP Operative sought proposals from Psy Group an Israeli intelligence firm to run a coordinated disinfo campaign against US voters to help Trump win the primary & general elections.

.
💣Espionage3💣

Initially Psy-Group offered a social media manipulation campaign which included fake social media profiles that would attack Ted Cruz and discredit him the eyes of GOP Party delegates, who was at the time Trump’s main competitor for the GOP nomination.
Read 78 tweets
Profile picture
#Twitter: what is it good for? How do you get good at it? And what will we do when it's gone? Today in pulp I share a few insights I've gleaned from almost five years of running this account.

Its about to get all meta...
Most people's tweets are a stream of consciousness, and Twitter itself is a daily flow of 500 million of these across the surface of your phone. You are currently looking at the collective unconscious of the planet...
And like any examination of the unconscious you will see things on Twitter that fascinate you and things that disgust you. This is part of its attraction: the filters of discourse become permeable, allowing the unsayable to leak across.
Read 19 tweets
Profile picture
#Twitter, bot ve aktif olmayan hesapları temizleme işlemini bugün tekrardan gerçekleştirdi. Birçok kişinin takipçi sayısında azalma var.
Aynı zamanda #Twitter zamanında askıya alınan ve takipçimiz olan kişilerin hesaplarını da tamamen ortadan kaldırıyor. Takipçi azalmasının nedeni bunlar. Bu çalışmanın devamı gelecekmiş.
#Twitter profilinizde kaç reel kaç bot hesap var bu site/uygulama üzerinden görebilirsiniz.

Uygulamayı kaldırmak için: Ayarlar > Uygulamalar > Erişim izni kaldır

twitteraudit.com
Read 3 tweets
Profile picture
💪A thread on amazing Twitter threads 😍👇
In the process of revamping my #Twitter profile (dormant earlier), I have come to appreciate the wonderful underutilized platform it is!
Some threads contain crisp knowledge capsules that can help many. Starting 1 on such curated content
1. I largely rely on this: threadreaderapp.com to find content
2. What I wish to share is what coincides largely with my interests- #Learning, #Investing, #Behavioralpsychology (#mentalmodels, #bias, etc), #Businessbooks, Industry insights/case studies, Life experiences, etc
3/n
 While it will be difficult to structure the order of content here, I will try to block threads by category (as noted above & more). Feel free to comment with any good thread that you would have come across. Cumulative learning always helps.
#vicariouslearning
Read 37 tweets
Profile picture
This is gonna be long, but I think it's worth it. A well-regarded twitter poster, let’s call him Giorgio, has recently publish a thread stating among other things as follows. “The pathways to stopping or delaying Brexit are blocked.
But once the mandate is discharged, the pathways to UK rejoining, or being in a close association agreement with EU, within the single market and customs union, will be open, with no obstacles.”
This approach annoys me for two reasons, one because Giorgio seems to be attempting to cajole Remainers to put all activity on hold until we actually leave the #EU.
Read 17 tweets

Trending hashtags

#Wordsmatter #CharlieMunger #WTO #Airbnb #Pedophile #HeForShe #Crypto #Twitter #Stay #politics #TRAITOR #Disruptors #Biden #JourDuDepassement #US #Brexit #Munger #Yoda #encyclopedia #EU #bias #HRC36 #infosec #DNC #Mscron

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member and get exclusive features!

Premium member ($3.00/month or $30.00/year)

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!