it shifts the industry to promoting a bad solution, and away from fixing bugs.
The value is roughly: size_of_problem * mitigation_usefulness / adoption_pain
-
fwiw, the formula should be severity * efficacy - cost should be > 0
-
For whitelist-based CSP, the problem (XSS) is big, usefulness ~low, pain ~big
-
But w/ nonces + 's-d' CSP gets more useful: harder to bypass, easier to adopt.