Vulnerability reports, on their own, do not protect anyone. The value comes from validating the issue, understanding its impact, developing and testing a patch, coordinating disclosure, and helping teams deploy the fix.
大多数人认为发现并报告漏洞本身就提供了安全价值,但作者明确表示,单纯的漏洞报告并不能保护任何人。这一观点挑战了安全行业普遍重视漏洞数量而非修复质量的共识,强调了从发现到修复的完整流程才是真正有价值的部分。