  When it comes to vulnerabilities affecting modern day browsers, there are two main categories: code execution and post-exploitation bypasses (sandbox escapes).
  [...]
  Without one of these, the second type of vulnerability is neutered.
The idea is to encourage researchers to divulge only their more common (and thereby relatively less valuable) code execution exploits, as fixing these exploits alone will (according to ZDI's theory) defuse any threat the sandbox escape exploits pose.


ZDI, though, is insanely biased in this regard. They make their money by selling protection to companies -- fewer bugs, less money for them. Google has a vested interest in making their software more secure, ZDI has a vested interest in keeping their customers coming back for more patches.