Comment by IshKebab
7 days ago
Yeah that attitude really makes no sense, and I don't see why AI finding security bugs would make people "finally understand".
I suspect it's just an excuse for Linux's generally poor security track record.
Everything has a poor security track record. That's the point.
1. That's bollocks. Obvious bullshit. All software doesn't have the same security track record. Do you also think sendmail and seL4 have an equally poor security track record?
2. Even if everything did have an equally poor security track record, why would that mean security bugs are no more significant than any other bug?
Honestly I'm dubious you've thought about this at all.
I didn't say "all software has the same security track record". seL4 has a much better track record than Sendmail by dint of not doing very much. I'm pretty comfortable with what people do and don't think about how much thinking I've done on this topic. Done much work with L4?
Without even wading into trying to rank projects by track record, it's worth noting that "Everything has a poor security track record" and "All software doesn't have the same security track record" are not contradictory statements.
Well, except OpenBSD. They’ve only had two vulns in forever.
Only two remote code execution vulnerabilities in the default configuration. But that's not the only type of security bug.
You mean "in the default install, in a heck of a long time". :)