by hyper_reality 1870 days ago
One big difference is explained in the article. The fact that code going into the kernel is not as secure as we might hope is already known to the open source community. Maintainers are overworked and none would be surprised if you told them that it would be possible to smuggle in backdoors. This is not a "bug", but an issue with time and resources, and the fact that the researchers attempted to add bugs to demonstrate it just makes it worse.

On the other hand, security researchers are finding vulnerabilities that weren't previously known. They've discovered specific exploitable bugs, rather than introducing new ones. Following disclosure, the company can patch the vulnerabilities and users will be safer. Which makes that a laudable thing to do.