On Releasing PoC/’Sploit Code For Near Zero-Day Vulns
One of my responsibilities as security cruise ship entertainment director is to distill the most complex things down into bite-sized digestible nuggets of chewy informative goodness whilst ensuring a good time is had by all.
It is in this spirit that I offer this gem regarding the release of PoC/Exploit code by supposed "whitehats" immediately after the disclosure of a nasty vulnerability. This post is random, of course, and is in no way a reference to any current event.
This quip was brought to you via Twitter, which managed to stay up and functional long enough for me to tweet it:
POC code for near-zero day ‘sploits is like SPAM advertising penis-extending drugs…the only dick it’s helping is the one writing it…
That is all.