
Security researcher discloses four IBM zero-days after company refused to patch - wrkronmiller
https://www.zdnet.com/article/security-researcher-discloses-four-ibm-zero-days-after-company-refused-to-patch/
======
detaro
Direct link to source:
[https://github.com/pedrib/PoC/blob/master/advisories/IBM/ibm...](https://github.com/pedrib/PoC/blob/master/advisories/IBM/ibm_drm/ibm_drm_rce.md)

------
egberts1
Probably should not have named a product or URI as ‘albatross’, lest they get
a dead one around their neck.

I mean, really, to NOT accept a free vulnerability and be force-herded
through a portal full of terms and conditions. Me think IBM lawyers are trying
to rope too much of the free Internet in. Oh wait, they did ... and failed.

------
janee
Oh I thought they were trying to say the reporter isn't eligible for a
bounty...but then saw there is no bounty.

Why do they care whom the bug reports come from? Or is it just some ploy so
they can discard reports when they want...if so why even have this in the
first place??

------
service_bus
IBM tells CERT they don't care.

That's quite the "process error"

