• SaharaMaleikuhm@feddit.org
        link
        fedilink
        English
        arrow-up
        4
        ·
        1 month ago

        Companies should be forced to release all source code for products that are “EOL”. I will never change my mind on this.

      • Dran@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 month ago

        Because that bug was so egregious, it demonstrates a rare level of incompetence.

        • NaibofTabr@infosec.pub
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 month ago

          that bug was so egregious, it demonstrates a rare level of incompetence

          I wish so much this was true, but it super isn’t. Some of the recent Cisco security flaws are just so brain-dead stupid you wonder if they have any internal quality control at all… and, well, there was the Crowdstrike thing…

          • Dran@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            ·
            edit-2
            1 month ago

            Idk, this was kind of a rare combination of “write secure function; proceed to ignore secure function and rawdog strings instead” + “it can be exploited by entering a string with a semicolon”. Neither of those are anything near as egregious as a use after free or buffer overflow. I get programming is hard but like, yikes. It should have been caught on both ends

      • tiredofsametab@fedia.io
        link
        fedilink
        arrow-up
        2
        ·
        1 month ago

        May 1st 2024 was a decade ago? (The article has a list and only two are old as you mention, though not quite a decade yet)