As previously promised, Security Researcher Aviv Raff officially launched the Month of Twitter Bugs (MoTB) website on July 1. Aviv will be posting a “Twitter bug a day” on MoTB in order to raise awareness of Twitter APIs and to warn end users of potential problems with the software and systems they use.
MoTB will be following a limited disclosure approach. On the bright side for Twitter, third-party service providers and Twitter themselves are notified of high-risk vulnerabilities at least 24 hours in advance, giving service providers time to create patches before the information goes public on MoTB. When a vulnerability notification is issued, it is hoped that having a deadline will push the affected provider to take action, and the resulting solution will protect end users. On the other hand, if the provider cannot—or will not—come up with a solution in time, the vulnerability information will be posted on MoTB and the bad guys are likely to...
