|
|
|
|
|
|
by codetrotter
1742 days ago
|
|
|
I see what you are saying but it could also be for example: 1) over time more inherent complexity has accrued, making vulnerabilities more likely to occur 2) vulnerability analysis has improved, meaning that vulnerabilities are being found today where in the past certain vulnerabilities (either same or different ones) were present without being found and we don’t know that things are being added that’s “not needed”, or that they are “taking the eyes off the ball”. Do we even know that they would be able to stay relevant without taking money? Taking money seems, in isolation, a good thing to me. |
|
|
And as for point #2 specifically, detection improved as well so it's not as if attackers are clearly winning with better attacks on larger attach surfaces. There was a talk recently (can't remember which conference) optimistically wondering if we might be succeeding more than we're failing, since the impactful bugs are getting much harder to find. We're very clearly not there yet, but try to get an exploit on a phone now and compare that to 2011 or 2001. There is a trend there and it's not the same one as GP claims HAProxy is going in. Though your point #1 might adequately explain that, in my head they're still just a proxy (I don't work with the product from a sysadmin perspective) so I wouldn't have known of it if it hadn't come up.