Comment by staticassertion
1 day ago
> IMHO the fact that a bug hides for years can also be an indication that such a bug had low severity/low priority and therefore that the overall quality is very good.
It doesn't seem to indicate that. It indicates the bug just isn't in tested code or isn't reached often. It could still be a very severe bug.
The issue with longer lived bugs is that someone could have been leveraging it for longer.
Worst case is that it doesn't even cause correctness issues in normal use, only when misused in a way that is unlikely to happen unintentionally.
I guess because I work in security, the "unintentionally" doesn't matter much to me.
But it matters for detection time, because there's a lot more "normal" use of any given piece of code than intentional attempts to break it. If a bug can't be triggered unintentionally it'll never get detected through normal use, which can lead to it staying hidden for longer.