two exploits discovered, one sent to half the team, the other sent to the other half
That would only work with brazen leaking. If a security team member were selling 0-days to organizations that intended to make extremely limited and careful use of them, it might never become public that exploits were being leaked.
I agree; I suspect the best way to be caught is for the malicious team member to tell someone who turns them in. Most likely it doesn't ever get noticed. Also, it's fortunate that the information received by the security teams typically has a relatively small window of opportunity to perform the exploit.