home.social

#semanticgap — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #semanticgap, aggregated by home.social.

  1. You demonstrate a fileless RCE chain. Complex delivery, in-memory execution, zero detections, confirmed working on multiple devices.

    The vendor reviews it twice, involves engineering, then tells you:

    "Your research demonstrates a complex chain for delivering and executing code."

    ...and closes it as 'intended behavior. Not a platform vulnerability.'

    Question: is it a vulnerability?

    Follow-up: does your answer change if the attack surface exists *between* components — where no single owner's scope definition covers the full chain?

    Asking because I have a paper dropping soon about that.

    #VRP #responsibleDisclosure #semanticGap #infosec #securityResearch