> “‘Fix this code,’ plus several manual steps to generate test scripts,
Feels like the title isn't really giving the full context of what they ended up actually seeing, despite what the lede implies multiple times.
Still, ban seems stupid... Still no actual leak of the full "third-party research paper"?
If what your patch fixes is a vulnerability bug then the test for it is basically an exploit.
isn't there a pretty big gap between a segfault and an rce? I thought that was the entire point -- that mythos closed the gap
that won't be leaked, because then we'd know what vulnerabilties they don't want patched that they are so willing to go as far as fuck over the worlds leading company in the worlds most important industry