top | item 45308337

(no title)

apstls | 5 months ago

This statement is one of those useless exercises in pedantry like when people say "well technically coffee is a drug too, so..."

Code with publicly-known weaknesses poses exponentially more danger than code with unknown weaknesses.

It's like telling sysadmins to not waste time installing security patches because there are likely still vulnerabilities in the application. Great way to get n-day'd into a ransomware payment.

discuss

nightpool|5 months ago

Have you spent time reviewing the security patches for any nontrivial application recently? 90% of them are worthless, the 10% that are actually useful are pretty easy to spot. It's not as big of a deal as people would like to have you think.