- Jul 28, 2017
- 108
From the guy who said that there is little reason to use an AE. LoLYou did say that, I just quoted you. You said that 'having your software patched doesn't mean anything' and your argument for this is because you claim most exploits are targeting vulnerabilities which were found but remained to be unknown of to public/vendor for years. But okay.
I would disagree and say that thanks to tons of big services like BugCrowd and HackerOne (and other independent bug bounty programs/security researchers trying to do work out of passion) more vulnerabilities are found and reported to the vendor to be patched more commonly than someone with malicious intent finding one and working out how to exploit it in a real attack.
"Doesn't mean anything" means that you are not fully protected in that context, as I have been writing in all the posts, if you want to survive amplifying that word is your problem.
Yes like all the software is part of bounty programs and everyone is in the right side of the law...
If you don't want to use antiexploit techniques don't use them, but saying that there is little reason to use them is far from being truth, since this has been one of the priorities of the MS security team for months