Vulnerability Management

Cherrypicking vulnerabilities…

by Pete Lindstrom • March 15, 2007 • Comments Off

… is simply a selfish, egotistical exercise by people who don’t understand the nature of risk. Like here.

Disclosure in the Web 2.0 world is a different beast from what we see with client-side ones, with a different risk model. Obviously, Chris Shiflett can do whatever he wants but it is entirely arrogant for him to think he is doing Amazon and the rest of the world a favor.

I wonder if one could gather enough forensic evidence to determine causation between an attack against Amazon and the OmniTI CSRF post. Have to ask my business lawyer friends if there are any grounds for an Amazon lawsuit…

Post navigation

← Prospect Theory Basics

On Bias, the Wisdom of Crowds, and Philosophical Majoritarianism →