Rich Kulawiec via plug on 23 Dec 2020 05:31:34 -0800
Re: [PLUG] OT: SolarWinds
On Sat, Dec 19, 2020 at 02:25:19PM -0500, Rich Freeman wrote:
> On Sat, Dec 19, 2020 at 12:51 PM Rich Kulawiec via plug
> <plug@lists.phillylinux.org> wrote:
> >
> > None of this surprises me. What surprises me -- although mildly at this
> > point -- is that people keep doing these things despite their unbroken
> > record of failure.
>
> LOL, what does this even mean, an "unbroken record of failure?" Are
> you suggesting that every commit ever written to every large
> application contains a new security-critical bug?

No, if that was my contention I would have written it explicitly; my
writing skills may be modest but they're sufficient for purpose.

Instead, read my remarks *in context* -- that is, consider the entire
universe of code that everyone's busy cranking out. For the most part:
it's awful. We can barely get through a day without yet another gaping
security hole being disclosed -- and those are barely the tip of the
iceberg, since many of them won't be disclosed by the people who find
them and even that's the tip of the iceberg, because there are no doubt
even more waiting to be found, and there will be still more in future
because code is still being cranked out.

Are there exceptions to this? Yes, of course there are. But they're
exceptions, not the rule, and the rule is that as the code stack has
gotten deeper and heavier, this has gotten steadily worse. The "many
eyeballs" approach has merit but it's been overwhelmed by volume.

---rsk
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug