known bugs without known exploits is one thing; active exploits are another.
Replying to @steveklabnik @CopperheadOS and
For language soundness bugs I'd add: whether exploitably mis-handled code is in actual use.
3 replies 1 retweet 2 likes -
Replying to @xlerb @CopperheadOS and
I would think either a lang is "memory safe" or not. Exploitability is a very blurred term.
1 reply 1 retweet 2 likes -
If you assume bugs are not exploited bc you do not know about it, ur "not even wrong".
1 reply 1 retweet 3 likes -
Replying to @berendjanwever @marver and
to be clear, I am not making that assumption.
1 reply 1 retweet 0 likes -
Replying to @steveklabnik @marver and
"known bugs without known exploits" is an assumption unless you're omniscient
1 reply 1 retweet 0 likes -
Replying to @berendjanwever @marver and
i'm saying a bug with an exploit has higher priority than one without. that's it.
2 replies 1 retweet 0 likes -
Replying to @steveklabnik @marver and
Fair enough; failing data, a risk guesstimate will have to be used to prioritize.
2 replies 1 retweet 0 likes -
Replying to @berendjanwever @steveklabnik and
But prio minor perf gain over sec.risk when "safe" is 1st keyword in project goal? Odd
4 replies 1 retweet 0 likes -
Replying to @berendjanwever @marver and
I did not personally make this call.
1 reply 1 retweet 0 likes
Not accusing anyone, just explaining my point of view on such matters.