• Dran@lemmy.world
    28 days ago

    Because that bug was so egregious, it demonstrates a rare level of incompetence.

    • NaibofTabr@infosec.pub
      28 days ago

      that bug was so egregious, it demonstrates a rare level of incompetence

      I wish so much this was true, but it super isn’t. Some of the recent Cisco security flaws are just so brain-dead stupid you wonder if they have any internal quality control at all… and, well, there was the CrowdStrike thing…

      • Dran@lemmy.world
        28 days ago

        Idk, this was kind of a rare combination of “write secure function; proceed to ignore secure function and rawdog strings instead” + “it can be exploited by entering a string with a semicolon”. Neither of those are anything near as egregious as a use-after-free or buffer overflow. I get programming is hard but like, yikes. It should have been caught on both ends.