| 1 |
On 12/16/2016 02:57 PM, Ciaran McCreesh wrote: |
| 2 |
> On Fri, 16 Dec 2016 13:25:14 +0100 |
| 3 |
> Thomas Deutschmann <whissi@g.o> wrote: |
| 4 |
|
| 5 |
|
| 6 |
.. |
| 7 |
> |
| 8 |
> Perhaps it's time to realise that security bugs aren't that |
| 9 |
> interesting, and that random data loss bugs and just plain missing |
| 10 |
> features can be far more impactful in practice than some obscure |
| 11 |
> security issue. All treating security bugs specially does is play into |
| 12 |
> the "look at me, I'm important so you should pay me money or I'll put |
| 13 |
> out another press release" drama certain consulting companies have set |
| 14 |
> up. Broken code is broken whether or not the bug has been given a cute |
| 15 |
> name and logo. |
| 16 |
> |
| 17 |
|
| 18 |
Exactly, a security vulnerability originally being an info leak or a low |
| 19 |
probability risk that turns out to a denial of service on a stable |
| 20 |
system due to lack of proper stabilization is a good argument for the |
| 21 |
way things are today. |
| 22 |
|
| 23 |
-- |
| 24 |
Kristian Fiskerstrand |
| 25 |
OpenPGP keyblock reachable at hkp://pool.sks-keyservers.net |
| 26 |
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 |
Archives