Can't believe I'm voluntarily wading into this, but here we go.

When you share those full details, that's when I drop everything & get to work (and I usually pull in my teammates too 💁🏽‍♀️). It's not just another cool vuln, it's something being used to harm. 1/6 https://twitter.com/berendjanwever/status/1322209003548585991
As an example, here's how I approach it as soon as the details are out:
- understand the root cause & exploit method
- think of potential detection methods & talk to the folks who can implement them if it's not us 2/6
- find variants that the attackers either already have (and may even be using) or could easily switch to and try to get them fixed at the same time as the original bug
- brainstorm fixes, mitigations, system improvements & share them 3/6
The attackers already have all the details & are actively using them. When they're not shared, I & others who have the resources & the want to help, can't. I sit twiddling my thumbs, a very sad Maddie. This creates an asymmetry of information w the attackers knowing more. 4/6
I personally think it's *even more* important to do these things quickly when a mitigation is not available. After ~1yr of focusing exclusively on ITW 0days, I'm learning just how much I, my teammates, & other researchers really can help. 5/6
I know not everyone will agree: disclosure debates will be the one constant in our lives. 🤪 But I thought I'd share how I, a defender, can make an impact, but I need the details to do it. 6/6
You can follow @maddiestone.