xylogx.bsky.social
@xylogx.bsky.social
An infosec pro with 20+ years of IT experience.
Dumping a bunch of vulns on someone who cannot realistically fix them in the time available is kind of the opposite of responsible disclosure.
November 3, 2025 at 2:40 PM
Agreed, Google should be providing patches. But even if they agreed to start doing this, it would take time to implement. Simply adjusting their policies to account for situations like this is something they can do right away.
November 3, 2025 at 2:40 PM
After reading the thread, there seems to be a common-sense solution: when getting a report with a large batch of CVEs like this, you should get longer than just 90 days to fix them. Overall the tone of the conversation seems to be driven by AI backlash as much as real-world issues.
November 3, 2025 at 2:26 PM
Good stuff! Sounds like an opportunity for some ambitious infosec reporter. Thanks!
November 3, 2025 at 2:16 PM