Hacker News
by treis 1207 days ago
>70% of security bugs are memory safety issues. That's a lot of real problems.

Are these really real enough problems, though? If you're defending against state-level attackers, it's a problem. But how much do these really impact Joe Schmoe average computer user?

4 comments

Please don't go this way.

People targeted by state level actors are people too, and software should protect them if it can, and not having mem related bugs is definitely possible :)

What makes you think state-level attackers cannot affect you? What if they hack a hospital and leak your medical data or mess with life support systems? Or make another train derail in Ohio, or disable another pipeline with a little hack in the middle of winter?

If you oppose change so much that you just shrug in the face of a free 70% reduction of risk, I don't know what to tell you.

It's real enough for nearly every company or higher value software target... so, yes, it's a real problem. For that matter, it's real for every person using a computer on the internet.

You don't have to be the final target to be a botnet node... you don't even need to be a specific target to get a keylogger that tracks your logins for financial websites.

Yes... it is REALLY REAL ENOUGH.

Sorry, did you mean encryption ransomware? Or DDoS bot swarms? Or crypto mining hijackers? Or corporate sabotage? Or….

Because I think the answer is all of us.

Also, the targets of state level actors are using the same software as the rest of us. If ours is insecure, theirs is too. Have you seen the list of Open Source vulnerabilities the US Gov has not patched?