|
|
|
|
|
|
by lelanthran
253 days ago
|
|
|
> But python newbies don't get their web frameworks stack smashed. That's kind of nice. Hah! True :-) The thing is, smashed stacks are difficult to exploit deterministically or automatically. Even heartbleed, as widespread as it was, was not a guaranteed RCE. OTOH, an exploit in a language like Python is almost certainly going to be easier to exploit deterministically. Log4j, for example, was a guaranteed exploit and the skill level required was basically "Create a Java object". This is because of the ease with which even very junior programmers can create something that appears to run and work and not crash. |
|
|
That’s like driving without a seatbelt - it’s not safe, but it would only matter on that very rare chance you have a crash. I would rather just wear a seatbelt!