Hacker News
by ludamad 3672 days ago
The GP's point is if you're doing code deserialization, the definition of security is different. The data format having RCE bugs won't be as much of a concern, while trusting the data source will be much more of a concern.
xapata 3671 days ago
We redefine security for every project. Some projects can (de)serialize code and be secure. Others can't.