by becarefulyo
3422 days ago
Disclosure: I work at MS but not on the kernel or anything related to this security bug. Opinions are my own. I've seen one-line bug fixes introduce many other bugs. Adding a null check is always suspicious. Is the system in an invalid state? Should it fail fast instead of swallowing the error? Maybe the code wasn't touched in several years. Maybe the person that wrote it no longer works there. Maybe the code in question doesn't have good test coverage or documentation. There are so many variables to consider when assessing risk of code changes.

These are not valid excuses for a company the size of Microsoft.