Local vs remote exploits
Posted Jun 25, 2004 20:59 UTC (Fri) by giraffedata
In reply to: Local vs remote exploits
Parent article: Long-lived security holes
And, I don't think your bizarre
interpretation of the terms is particularly useful or widespread
That's almost word for word what I said, so we agree there. Except that I don't think you can call "bizarre" an interpretation that takes the words "local" and "remote" to mean what they mean in every other context under the sun.
This is just a semantics argument
Exactly. It's important to use the right terminology because people derive a lot of meaning from the bare words. I assure you that if you classify exploits as "remote" or "local," some people will think you mean it in the conventional sense of those words. That would result in less than optimal classification of security exposures.
there most definitely IS a valid and very major distinction between the two
So the only question is, what are the two types you're distinguishing? Calling them by conventional English words would go a long way toward nailing that down. Arbitrarily labelling exploits by partially authorized people "local" and exploits by total strangers as "remote," especially since those words already have meanings ("near" and "far") in other contexts, is just inviting misunderstanding.
to post comments)