On a really quick skim, I wonder why this won’t also make it harder for white hats to find the exploitable bugs that need to be fixed.
Or break it into isolated components each in their own privilege domain and limited/no trust between them, so that each is small enough to model its set of vulns as finite/tractable.
that's exactly my point: you can only eliminate bugs in a sprawling, ballooning program like that by *redesigning it* as you said. playing whack-a-mole won't work.