Is FFmpeg less broken now? Or is it just an example of why sandboxes are needed? 1/2
I would say both. It is definitely much less broken now (in terms of low hanging fruit), but given the nature of... 1/2
... the software and its complexity, it'll always have bugs and is a prime example of why sandboxing is important. 2/2
New conversation
Now, what can we do to prevent those 1,500 bugs from occurring in the first place?
Don't use C/C++ :D Only half joking; parsers in pure Java/Python/etc. are safer; https://github.com/isocpp/CppCoreGuidelines … is another thing
Yeah, but C/C++ are here to stay, so the joke is funny as long as everything works ;)
New conversation
Btw, the recent SSRF debacle forced some large users to add network sandboxes to existing "binary" ones #BugBounty 2/2
You should write a blog post on how to do disclosure for over 1,500 issues. Were you opening GitHub issues?
We sent crashes in batches and the maintainers did all the investigative work + fixes; fast too! Props & kudos to them :)
I wish it would be the same for all major opensource projects
New conversation
You're doing a great job guys. Just because of people like you we are safer in the wild web! :D