Comment by stmw
2 months ago
I don't think that follows, esp. since when we're talking about a mature, actively commercially maintained JIT engine.
2 months ago
I don't think that follows, esp. since when we're talking about a mature, actively commercially maintained JIT engine.
Why not? JIT engines are inherently risky. They are great for performance but terrible for security.
Briefly, because
overall risk = new inherent risk / (architecture * security reputation * ongoing maintenance investment)
Even without arguing over whether JIT engines are inherently risky or add much risk given the modern computing environment is full of them, from graphics to Javascript.