by daeken
4881 days ago
Playing whack-a-mole with vulnerabilities doesn't help make anything more secure. Security vulnerabilities are, by and large, systemic issues; fixing individual issues will never make things better, it just reduces the appearance of risk. If you want to fix things, there are two things to keep in mind: 1) Attackers always have an advantage over defenders. Attackers have to find one bug; defenders have to fix them all. 2) Given #1 and the fact that we have such a systemic security fail on our hands, the correct approach is nuking whole classes of bugs. We did this with stack canaries and stack buffer reordering; we did this with CSRF tokens in popular web frameworks; we did this with safe, managed code negating the vast majority of memory corruption bugs. We need to move past thinking of bugs as isolated incidents and figure out how to make everything better at once.