How do you typically rate overall vulnerability severity of a network client not verifying server's SSL cert? (This is a poll.)
Replying to @solardiz
One argument for not hesitating to classify as high/critical: it's almost always a "minus-only" patch to fix.
Replying to @RichFelker @solardiz
So it's not like fixing it requires diverting resources from fixing other high/critical bugs.
Replying to @RichFelker
I think it's not expected for ease of fixing to be factored into severity. That would make it priority, a different metric.
Replying to @solardiz
I didn't mean cost should be a factor, rather that if you're (wrongly) including it in some places, it doesn't make sense here.
6:31 PM - 25 Dec 2016