According to the "security by obscurity" law, you cannot really open to the public something which had always been hidden from it. It would open the door and expose people still using it to a huge attack risk imho
6
17
I understand that, but imagine the sheer amount of 0-days which will flood the black market the second day Microsoft would expose a massive, un-audited codebase to the public. I am not saying they should not do it, I am saying that it may took some time to audit it
4
6
My 2c: Binaries with private symbols have leaked in the past, hexrays + private syms is almost as good as source, and no 0day flood has happened. When entire NT4 and 2k source leaked, no 0day flood happened.
1
2
Isn’t Edge source code already available through MS Shared Source Initiative? If so, enterprises, foreign nations, academics, OEMs, etc already have the source code - the 0-day horse is already out of the barn.
microsoft.com/en-us/sharedso…
Dec 9, 2018 · 6:45 AM UTC
1