Comment by simjnd
4 hours ago
You could assume that if someone has the technical level to identify a vulnerability and how to exploit it, they probably have the technical level to fix it.
In most cases researchers have no interest in actually "making the software better" and publishing vulns is just a way to increase their cred to land a better job.
FFmpeg's position as a well-known, very popular open source project means it's very interesting for this type of researcher to find a vuln and put their name on it.
It's an exhausting dynamic.