
Again: introducing surprising correctness bugs? Crashing programs? Absolutely. I don't know how many different ways I can say that my concern here is the misuse of a security term of art. Dropbox engineers do not have as a rite of passage introducing or finding RCE vulnerabilities in Go code. Would that it were so! My job would be much more interesting.




> correctness bugs? Crashing programs? Absolutely.

Denial of service can absolutely be a security issue, as can any correctness bug if it leads to unintended behavior or corrupted data.


If that's where we're at, where unhandled exceptions are the security issues we're hanging on, I'll consider my argument won.

That might be a reasonable argument if you were guaranteed an unhandled exception in this instance. Unfortunately that's not the case.

If you could demonstrate something better than that, we wouldn't be arguing about the severity of DOS attacks.


