by postmodern_mod3 4884 days ago
Vulnerability counts are a misleading metric for security. They do not include the vulnerabilities which have not yet been discovered or created.
1 comments

And you're proposing to get a less misleading metric for undiscovered or uncreated (!?) vulnerabilities how, exactly?
Maybe graph the rate of vulnerabilities discovered vs. LoC/files added?

It's safer to only use vulnerability counts as a metric for how interesting software is to security researchers.