Quote:
Originally Posted by techhelpbb
There is no way I can state my case that the remedies presented in the Einstein report will not be sufficient to prevent exploit in this FIRST related forum or any other FIRST forum publicly. If I make my case, eventually escalating to successful public proof of concept. All I'll be doing is enabling people with bad intentions. Proving my point is not worth the harm it will probably cause to hundreds of thousands of kids.
There is clearly no time remaining to do anything about the issues anyway.
Come what may. I'm glad that having the highest score is not my highest priority.
|
Those with bad enough intentions will probably discover it sooner or later (or have already figured it out. Many exploits in software end up working this way). Disclosure is not always a problem. If you believe there is a reasonable mitigation (such as a firmware update, or more stringent procedures in pits+field) that could be made I'm sure many would appreciate it being public knowledge, especially if you have tried reaching out to FIRST already.
However, if you believe it is an issue with no easy mitigation that shakes the current technology foundation of the field and robot control systems to its core, disclosure might not be the best idea unless you are reasonably sure someone is using it.
Just my two cents.