Falcon Darkstar on Nostr: Experience being my guide, where there is vulnerable code, there is nearly always one ...
Experience being my guide, where there is vulnerable code, there is nearly always one of these conditions in the developer team:
- Cannot explain the code's intent in the vulnerable case
- Does not know why legacy code exists or who owns it
- Is unaware of requirements imposed by the platform
- Did not intentionally incorporate the vulnerable functionality
- Is unaware the vulnerable case is implemented
By the way, memory safety is not even slightly the focus of these things.