Hacker News new | ask | show | jobs
by tptacek 324 days ago
Again: introducing surprising correctness bugs? Crashing programs? Absolutely. I don't know how many different ways I can say that my concern here is the misuse of a security term of art. Dropbox engineers do not have as a rite of passage introducing or finding RCE vulnerabilities in Go code. Would that it were so! My job would be much more interesting.
1 comments
zozbot234 324 days ago
> correctness bugs? Crashing programs? Absolutely.

Denial of service can absolutely be a security issue, as can any correctness bug if it leads to unintended behavior or corrupted data.

link
tptacek 324 days ago
If that's where we're at, where unhandled exceptions are the security issues we're hanging on, I'll consider my argument won.
link
zozbot234 324 days ago
That might be a reasonable argument if you were guaranteed an unhandled exception in this instance. Unfortunately that's not the case.
link
tptacek 324 days ago
If you could demonstrate something better than that, we wouldn't be arguing about the severity of DOS attacks.
link