Comment by mk89

4 years ago

Bug bounties are a different beast. Here we are talking about a bunch of guys who deliberately put stuff into your next kernel release because they come from an important university, or whatever other reason. One of the reviewers in the thread admitted that they need to pay more attention to code reviews. That sounds to me like a good first step towards solving this issue. Is that enough, though? It's an unsolvable problem, but is the current solution enough?

> Bug bounties are a different beast.

Bug bounties are more than a different beast: they are a strawman.

Sneaking vulnerabilities through a code review is even a competitive sport, and it has zero to do with bug bounties.

  • Sorry, I think I didn't understand/read correctly what it was about.

    It's just f** brilliant! :)