Comment by galangalalgol
1 day ago
Worst case is that it doesn't even cause correctness issues in normal use, only when misused in a way that is unlikely to happen unintentionally.
I guess because I work in security the "unintentionally" doesn't matter much to me.
But it matters for detection time, because there's a lot more "normal" use of any given piece of code than intentional attempts to break it. If a bug can't be triggered unintentionally it'll never get detected through normal use, which can lead to it staying hidden for longer.
That's not really contested? The statement was that longer detection time indicates lower severity.