by parl_match
1084 days ago
> security vulnerabilities are basically the original developers getting outsmarted, caught out being careless

This is absolutely not true. Security vulnerabilities can be due to a huge variety of reasons well beyond "the developer is outsmarted/careless". A great example of this was Unicode-related issues. Also, changing API/ABI surfaces. And, we think of security vulnerabilities as "bugs" that cause "hacks", but sometimes vulnerabilities come in the form not of a technical hack, but of attacks on users. Sometimes, the developers know there's an issue, but the business forces them ahead anyways and takes on the risk. I've dealt with a few of those. It's counterproductive to put it firmly on the developers, but I do agree that technical security issues and quality issues are tightly intertwined.