On 12/16/2016 02:57 PM, Ciaran McCreesh wrote:
> On Fri, 16 Dec 2016 13:25:14 +0100
> Thomas Deutschmann <whissi@g.o> wrote:

..
>
> Perhaps it's time to realise that security bugs aren't that
> interesting, and that random data loss bugs and just plain missing
> features can be far more impactful in practice than some obscure
> security issue. All treating security bugs specially does is play into
> the "look at me, I'm important so you should pay me money or I'll put
> out another press release" drama certain consulting companies have set
> up. Broken code is broken whether or not the bug has been given a cute
> name and logo.
>

Exactly, a security vulnerability originally being an info leak or a low
probability risk that turns out to be a denial of service on a stable
system due to lack of proper stabilization is a good argument for the
way things are today.

--
Kristian Fiskerstrand
OpenPGP keyblock reachable at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3