by smallnamespace
3604 days ago
I agree with you in general, but since we're talking about embedded devices that can't be updated, here's a concrete scenario:

1) White hat finds a vulnerability in the source code which applies to a large number of devices.
2) Source is patched but vulnerable devices exist in the wild.

Now all an attacker needs to do is find a vulnerable device; because the source code is public like OP suggests, figuring out which devices are vulnerable is trivial.

Unless I'm missing something drastic, this is actually a problem in the embedded space where obscurity seems to help.