| You're backtracking on your original assertion without actually owning up to your gross overstatement. What's more, you're doing a poor job of attempting to Euler me in the process. :) Here's the thing: Problems in software are productively classed by their complexity and difficulty. That is to say that if you have two tasks, each of equivalent complexity and difficulty, the software to solve one task is going to be just as expensive to write as the software to solve the other one. [0] I argue that designing and writing the software system required to run a piece of high-traffic, high-performance, near-zero-downtime networking gear that actually meets its goals [1] is in the same class of difficulty as writing a performant JS engine that has no "exploitable bugs". [3] [0] For the purposes of this discussion, the cost to write any software used as part of the solution to either task must be included in the analysis of the overall cost. [1] If you don't consider the existence of at least one production instance of this system being in continuous use for a decade or more proof of its correct design and implementation, I really don't know what else would convince you. You're highly unlikely to be able to evaluate the correctness of the system via manual inspection. [2] [2] I mean, if you were one of the handful of mutants in existence who could do this, you'd likely not be wasting time arguing on HN. [3] Actually, for giggles, can you point to a handful of somewhat recent High or Critical severity CVEs for V8 when used in Chrome or Chromium? Remember that you've been laser-focused on the Javascript engine, so failures of things like the browser's sandbox, browser's chrome, or OS process isolation don't count. |
(As for the V8 engine, see https://code.google.com/p/chromium/issues/list?can=1&q=Type=.... (Note that Google does not make severe recent bugs publicly available.))