EEVblog Electronics Community Forum

Products => Computers => Security => Topic started by: madires on August 22, 2022, 11:58:20 am

Title: CrowdStrike has a problem with vulnerability disclosures
Post by: madires on August 22, 2022, 11:58:20 am

Ridiculous vulnerability disclosure process with CrowdStrike Falcon Sensor: https://www.modzero.com/modlog/archives/2022/08/22/ridiculous_vulnerability_disclosure_process_with_crowdstrike_falcon_sensor/index.html (https://www.modzero.com/modlog/archives/2022/08/22/ridiculous_vulnerability_disclosure_process_with_crowdstrike_falcon_sensor/index.html)

So CrowdStrike tries to force you into a bug bounty program including an NDA to control the whole disclosure process (and you). :--

Title: Re: CrowdStrike has a problem with vulnerability disclosures
Post by: Nominal Animal on August 22, 2022, 02:54:07 pm

Any bets on whether CrowdStrike will try a DMCA takedown on that modzero link?

You know, as a "vulnerability mitigation strategy".  "If our clients don't know about it, the vulnerability does not exist."