buffers still overflowing RT ≠ endorsement. views my own...i think
Nov 28, 2019 • 9 tweets • 3 min read
thread with "inspirational" bits from CISA's draft Binding Operational Directive 20-01 "Develop and Publish a Vulnerability Disclosure Policy" (cyber.dhs.gov/bod/20-01/) (h/t @WeldPond)
Agencies should recognize that “a reporter or anyone in possession of vulnerability information can disclose or publish the information at any time”