Kevin Beaumont on Nostr: Just to point it out - vulnerability researchers in China are often S grade, top ...
Just to point it out - vulnerability researchers in China are often S grade, top guys.
They may have legal requirements to inform the Chinese government of vulns before they inform vendors.
Some American edge network vendors are then taking 6 months or more to issue patches, and in some cases aren’t telling customers for over a year that the vuln even exists, nor issuing CVEs, nor giving disclosure timelines.
Ripping out Chinese networking equipment to install American equipment w/o fixing:
They may have legal requirements to inform the Chinese government of vulns before they inform vendors.
Some American edge network vendors are then taking 6 months or more to issue patches, and in some cases aren’t telling customers for over a year that the vuln even exists, nor issuing CVEs, nor giving disclosure timelines.
Ripping out Chinese networking equipment to install American equipment w/o fixing: