Lots of people using "sparse" vs "dense" to reason about vulnerability research recently, but I'm not convinced that it's a useful exercise
Replying to @benhawkes
As I understand it, deciding if something is sparse or dense is almost entirely subjective, and you're describing a single point in time.
Replying to @benhawkes
I think it's almost always more useful to look at the ratio of bug fixes versus introduction: i.e. are we trending towards "less dense"?
Replying to @benhawkes
@benhawkes I tried to pick this apart in a post to dailydave using vsftpd as an example. https://lists.immunityinc.com/pipermail/dailydave/2014-November/000813.html …
Replying to @dguido
@benhawkes I think you're nearly right, it has everything to do with pace of software development. When feature dev slows, bugs trend down.
Replying to @dguido
@benhawkes this is easy to grasp when you look at sw written against a spec, like FTP. It's just "done" at some point.
Replying to @benhawkes
@dguido Primarily I just wanted to unpack the "bugs are dense so VR doesn't matter" idea into something that can be concretely debated.
@benhawkes yeah that's a silly thing to say, even though bug finding has been overemphasized as a defense. IMHO stems from offense envy.
Replying to @dguido
@dguido @benhawkes bug finding is overrated as a defence (obvs not completely useless), but fetishizing bugs is an industry wide problem