by rbanffy 1707 days ago
> There's just no advantage to having shared libraries outside of ensuring that you'll eventually break every application

If an application or service is using a vulnerable outdated library, I WANT it to break. It’s better to have it broken than have it expose sensitive user data.


Hard disagree. I'll decide which applications I want updated and when. I don't need my applications breaking because someone decided I'm not allowed to use it anymore.
We don’t have the luxury to decide when we will get hacked.
That's not how security risk assessment works. You do get to decide when and how long you remain hackable and implement mitigating security controls. Not everyone has the luxury of being tolerant to outages, and it is terrible security practice to take a forceful, uncompromising approach like that with no consideration of why and how the software is being used and in what context.

The last thing you want in securing a system is for your security effort itself to be a security risk (availability).