undefined | Better HN

0 pointskarlgkk9mo ago0 comments

> memory errors with no viable exploit path

i dont appreciate putting "vulns" in scare quotes, if that was your intent

swiss cheese theory. all it takes is someone changing a component that allows that vulnerability to be chained into an exploit, which has happened many times.

these should be tracked, and in fact, it's very helpful to assign cves to them

but yeah, raw numbers is less useful. in fact, cves as a "is it secure or not" metric are pretty rough. it makes it easier to convince vendors to keep their software up to date, though...

0 comments

gosub1009mo ago

Additionally, having simpler vulns labelled allows more juniors to work on coding fixes for them.and getting their feet wet in that particular sub field.

j / k navigate · click thread line to collapse