Comment by thomastjeffery
2 years ago
> 8. Given a large enough beta-tester and co-developer base, almost every problem will be characterized quickly and the fix obvious to someone.

The key word here is characterized. That word is not equivalent to found.
Security vulnerabilities are unique in that they matter despite being unknown.
Other bugs are only important because of their direct impact on users. It's not unreasonable to take everything here and apply it to known bugs, and not to unknown vulnerabilities.
I interpret it as synonymous with "found" here -- someone "characterizing" the bug finds it and opens a bug report.
In professional engineering, you characterize the behavior after someone finds and reports it. Or you characterize a flow transducer, or you characterize gas circuit compliance. It’s the thing you do once you know there’s something to characterize.
OK. Well, in the variety of work I do, which I suppose isn’t professional by this standard, typically the person who finds a bug and the person who describes it are one and the same.