Vulnerability dumping time

Posted by Eldar Marcussen on Tue Sep 13 03:48:00 EDT 2016

As I have recently changed employers I will be releasing all the vulnerabilities I discovered on my own time while I was with BAE Systems. Some of these have been patched for a long time and some have never received vendor acknowledgement. As I no longer have access to the email addresses used for coordination I will not make any further attempts at coordinating the disclosure of these vulnerabilities besides posting them to the vendors public bugtracker if they use something like github. This also means that these advisories will not contain timelines.

As I haven't completely migrated my blog over to nb I will be posting the advisories as blog posts and space them out so I get time to edit them. If you feel the need to argue disclosure rhethoric, come find me on twitter as blog comments are closed.


Posted by Eldar Marcussen | Permanent link | File under: vulnerability, disclosure