It's been ten years, so a short story about the "gotofail" bug. Someone came to me about a catastrophic vulnerability in Apple's TLS implementation. I shit you not, they'd overheard someone at a bar drunkenly bragging about how they were going to sell it to a FVEY intelligence agency for six figures. They didn't know exactly what it was, just some vague details and the key point that it allowed use of the real certificate. This was enough for me to find the bug (yay open source), which would go on to be known as "gotofail", and produce a working exploit in less than a day. The details were anonymously back channelled to Apple, who released a fix. @matthew_d_green@ioc.exchange posted on Twitter about it, concerned by Apple's vague release notes. I used a burner phone to share the details with him anonymously. Then everyone forgot about the whole thing because heartbleed. ¯\\\_(ツ)\_/¯