Hacker News new | ask | show | jobs
by a1369209993 2115 days ago
> It implies arbitrary []native[] code execution.

This is simply not true in a plurality of cases (eg, it implies that applications running under qemu are incapable of having RCE vulnerabilities) and frankly sounds like a distinction that was made up to avoid admitting that script tags are RCE bugs in web browsers.
1 comments
tptacek 2115 days ago
It's interesting how much this little subthread recapitulates the experience of responding to the median bug bounty submission.
link
a1369209993 2114 days ago
Well, modulo "responding to a submission" versus "reporting a vulnerabity", we can certainly agree on that at least.
link