Guys, we are starting the interview with Claudio Criscione, who works on security testing at Google.
Claudio, recently the world has been shattered by the WannaCry ransomware, which is built using the vulnerability that went into the wild by revealing the CIA codebase dump.
Do you think that current policies for CVE and the time by which it goes public are not always a good thing? I mean, the risk factor of the vulnerability that is not yet fixed may cause much more trouble than keeping it private. Should the overall CVE mechanism work so as to 'punch' companies into fixing critical vulnerabilities as soon as possible? Or is this more of a cooperation-oriented process?