Hacker News
by dflock 56 days ago
No one knows how many vulnerabilities there are in closed source medical record software - because we can't check. There are _probably_ loads though, because that medical software is super terrible in every way that we _can_ check.
4 comments

Well, the closed-source EHR applications that use NoSQL databases such as MUMPS (InterSystems Caché) probably don't have many SQL injection vulnerabilities.
Or voting machines.
I wasn't aware that there were any public, commonly-used voting machines that we could check.
Isn't anything closed-source by definition this? Why speak of the subset of closed-source medical record software when it's just the entire class of software?
SQL injection and XSS come up in dynamic analysis too.