• SaharaMaleikuhm@feddit.org
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 month ago

      Companies should be forced to release all source code for products that are “EOL”. I will never change my mind on this.

    • Dran@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 month ago

      Because that bug was so egregious, it demonstrates a rare level of incompetence.

      • NaibofTabr@infosec.pub
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 month ago

        that bug was so egregious, it demonstrates a rare level of incompetence

        I wish so much this was true, but it super isn’t. Some of the recent Cisco security flaws are just so brain-dead stupid you wonder if they have any internal quality control at all… and, well, there was the Crowdstrike thing…

        • Dran@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          edit-2
          1 month ago

          Idk, this was kind of a rare combination of “write secure function; proceed to ignore secure function and rawdog strings instead” + “it can be exploited by entering a string with a semicolon”. Neither of those are anything near as egregious as a use after free or buffer overflow. I get programming is hard but like, yikes. It should have been caught on both ends

    • tiredofsametab@fedia.io
      link
      fedilink
      arrow-up
      2
      ·
      1 month ago

      May 1st 2024 was a decade ago? (The article has a list and only two are old as you mention, though not quite a decade yet)