Comment by mashepp
2 months ago
So you don’t use any software that has had a security vulnerability?
What operating system and browser did you use to write your post?
2 months ago
So you don’t use any software that has had a security vulnerability?
What operating system and browser did you use to write your post?
Unary thinking has no place when considering software quality or security. Just because things have vulnerabilities does not mean that the category, severity, and frequency of them is a irrelevant consideration.
The Log4j vulnerability was effectively calling eval() on user input strings. That is utter incompetence to the extreme with immediately obvious, catastrophic consequences to anybody with any knowledge whatsoever of software security. That should be immediately disqualifying like a construction company delivering a house without a roof. "Oh yeah, anybody could forget to put a roof on a house. We can not hold them responsible for every little mistake." is nonsense. Basic, egregious errors are disqualifying.
Now, it could be the case that everything is horribly defective and inadequate and everybody is grossly incompetent. That does not somehow magically make inadequacy adequate and appropriate for use. It is just that in software people get away with using systems unfit for purpose because they had "no choice but to use substandard components and harm their users so they could make money".