[Rangi42]

> Because of the large amount of global variables... NCC Group was unable to fully determine the impact of this vulnerability.

In other words, "This project is too full of potential security holes to find the definite ones."

[drzaiusapelord]

No, it means we understand there are theoretical security issues with global variables, but cannot determine if they're actually applicable or exploitable in this software.

[MustardTiger]

You just repeated exactly the same thing he said as if you were disagreeing.

[richardwhiuk]

A theoretical security vulnerability isn't really a think - it's just a bug. Either it's exploitable, and thus a security vulnerability, or it's a bug and isn't,

[MustardTiger]

Yes it is. It is a bug, that may be exploitable. There's no contradiction there.

[coldtea]

Global variables are not bugs -- at worse they are bad style and can cause bugs.

As for your other comments, there's this "burden of proof" thing.

[MustardTiger]

Did you reply to the wrong comment by mistake? What other comments? What are you talking about?