Comment by rl3

13 days ago

>No, they are not. Doesn’t matter how many LoC; it only takes 1 LoC to introduce a vulnerability.

So according to you, the concept of attack surface doesn't exist. A 100MB binary is equivalent in risk to a 1KB binary. Got it.

If both are highly-audited, their risk is equal despite their size and protocol complexity. Got it.

>...it's false to state that one piece of software has a “principle risk” of vulnerabilities that another piece does not.

That's like the third or fourth time you've scare-quoted the word principle. You're aware that principle and principal are two different words with different meanings?

The word I used, principal, in that context means the foremost or primary risk.

Anyways, I'm just telling you how major corporations think about it. Their underlying rationale is exactly what I've explained thus far, and hence why it's best practice.

Keep shooting the messenger I guess.