Matt Rose, global director of application security strategy at Checkmarx, said he was wary about Zimperium releasing the exploit code.
“The reasoning here is that it is a real issue and consciously being ignored then by the vendor and releasing the actual code would push them to acknowledge and remediate the issue and was necessary. However, if the vendor was contacted and they acknowledged the issue and said it was being addressed immediately then I would not support the release of the exploit code,” Rose told SearchSecurity. “In this example it is irresponsible in my professional opinion and is being used to promote Zimperium’s capabilities and not protect the provider or the end users.”
Read the full report here.
