6
votes
What programming/technical projects have you been working on?
This is a recurring post to discuss programming or other technical projects that we've been working on. Tell us about one of your recent projects, either at work or personal projects. What's interesting about it? Are you having trouble with anything?
I recently wrote an exploit for a soho network switch. I wrote up a report and submitted it to the company about a month ago. I've been holding off on submitting it to MITRE for a CVE because it feels like it might be the best course to await acknowledgment from the company. But I haven't received much back from them. Last week, they (finally) wrote back to request access to the proof of concept. Supposedly, it has been sent to the product team.
I'm debating how much longer to give them to review internally before moving forward. I'd like to submit this report to MITRE and get that process underway. I'd like to have their confirmation first, but I don't get the impression they're making this a priority. I'd also like to publish my findings as a warning to others who might buy this product, as I don't think they're going to patch it. And ultimately, this is a project that I'd like to include on a resume, as I'm trying to transition careers from doing construction for most of my life into working in tech. This is the most noteworthy project I've done so far and I'm excited to be able to include it. But at the same time, I'm trying to be empathetic toward the company to give them a reasonable amount of time to respond.
If anyone has any experience with the CVE process, I'd appreciate any pointers.