|
|
|
|
|
|
by staticassertion
122 days ago
|
|
|
> If I can cause a server to not serve requests to anyone else in the world by sending a well crafted set of bytes, that’s absolutely a vulnerability because it can completely disable critical systems. Well obviously I reject that, right? That's sort of my point. > If availability isn’t part of CIA then a literal brick fulfills the requirements of security and the entire practice of secure systems is pointless. That doesn't follow at all. If I say "availability is an operational concern and not a security concern" it does not follow then that "remote code execution is not a security concern" whatsoever. |
|
|