by Javantea_
4054 days ago
No, by itself the number of vulnerabilities patched is only useful in telling us which software has been tested and found to be lacking in the past. Along with other metrics (severity, static analysis results, code quality, complexity, reports by an independent auditor, availability of a testing framework, and competitor quality), this can be used to decide which projects need to be replaced or improved upon. The reason that many vulnerabilities have been found in Chrome is because it is a very large and complex project. The bug bounty only gives people the necessary additional motivation to work on it during business hours. Other projects that lack bug bounties have found similar numbers of bugs (Wireshark and ClamAV to name a few) due to their complexity.