Conversation
buherator
buherator
"Last week the @FFmpeg account began taunting security researchers. Foolish thing to do, as it ignores the asymmetry of their attack surface vs ours.
So as an exercise I found a stack-based buffer overflow on software that he wrote." - @ortegaalfredo
https://threadreaderapp.com/thread/1991974275532636263.html
Normally I'm all for these stunts, but this one...
So as an exercise I found a stack-based buffer overflow on software that he wrote." - @ortegaalfredo
https://threadreaderapp.com/thread/1991974275532636263.html
Normally I'm all for these stunts, but this one...
1
1
2
Aaron Sawdey, Ph.D.
acsawdey@fosstodon.org@buherator we need a new internet for the people who just want to do useful stuff.
Do I recall that the issue was ffmpeg maintainers tired of endless issues filed by giant corps who are using it but not actually helping?
1
0
0
buherator
buherator
@acsawdey it's complicated... if you squint, pointing out bugs is a form of help, but the P0 disclosure process (designed to incentivize other large corps) doesn't seem to work with highly popular, but underfunded OSS.
I don't know the solution, but shiting on individual developers code is probably not it.
I don't know the solution, but shiting on individual developers code is probably not it.
1
0
3
@buherator@infosec.place @acsawdey@fosstodon.org fix bounties when
0
0
0