Comment by duped

2 days ago

One dude running an X account is not indicative of a community to be honest.

That said, that dude has a point. "Researchers" chasing clout with their names attached to CVEs is kind of ridiculous. Half these CVEs are missing bounds checks that can be fixed with a patch in as much effort as writing up the blog post announcing that there was a missing bounds check.

I guess that the perceived problem from a security perspective is that they're there, not that they're necessarily hard to fix once found.

  • The main beef is the noise created around these disclosures instead of sending patches to fix the bugs.