As stated previously, it wouldn't work unless the company was prepared to disclose all reports at two stages: 1) hash of unpredictable description of the issue when the issue is reported, 2) hash input when the issue…
It comes down to how much companies are willing to reveal after the fact then. If companies aren't prepared to reveal enough unpredictable detail involved in an exploit after the exploit had been fixed, that's another…
The hash input could just be a generic description of the bug, minus any sensitive info, plus some salt. All report hashes would have to go public as soon as the report is accepted. The hash input could go public once…
Couldn't companies just publish a list of hashes of existing but not yet public disclosures? Seems as if that could solve the issue of doubt wrt timing.
This is why apps like netguard are a must. Is there an equivalent for iOS?
As stated previously, it wouldn't work unless the company was prepared to disclose all reports at two stages: 1) hash of unpredictable description of the issue when the issue is reported, 2) hash input when the issue…
It comes down to how much companies are willing to reveal after the fact then. If companies aren't prepared to reveal enough unpredictable detail involved in an exploit after the exploit had been fixed, that's another…
The hash input could just be a generic description of the bug, minus any sensitive info, plus some salt. All report hashes would have to go public as soon as the report is accepted. The hash input could go public once…
Couldn't companies just publish a list of hashes of existing but not yet public disclosures? Seems as if that could solve the issue of doubt wrt timing.
This is why apps like netguard are a must. Is there an equivalent for iOS?