@freddy@social.security.plumbing That's true. I certainly am not saying that full exploits don't have value, but that we can do them after the patch for further research into mitigation techniques. These are orthogonal works, i.e. exploit research (including on mitigations) should not be (and probably does not need to be) applied on unpatched vulnerabilities.
I haven't read it in depth, but I know there is some work being done on demonstrating the existence of exploits given the primitive(s) without development of a concrete exploit. I think this is a great step forward, if it actually starts seeing use, but this is a bit out of my wheelhouse and I worry it may be an excuse to get out of doing defense in depth...
=> More information about this toot | View the thread | More toots from addison@nothing-ever.works