Kernel.org's road to recovery
Posted Oct 7, 2011 18:43 UTC (Fri) by vonbrand
In reply to: Kernel.org's road to recovery
Parent article: Kernel.org's road to recovery
If they know it is a security risk, they'll probably say so. The problem is that (as has been said many, many times) finding out if a particular glitch has any actual impact ("sure, this could lead to an integer overflow if <add longish list of conditions on variable values>, in which case maybe..."), let alone can be exploited as a security hole, is hard work and requires a mindset and training that not many kernel developers share. Any such assessment they do will miss an order of magnitude more exploitable flaws than the ones flagged, and flag many that are completely irrelevant. Pure noise, a complete waste of effort.