Bad Binder: Android In-The-Wild Exploit (Project Zero)
Bad Binder: Android In-The-Wild Exploit (Project Zero)
Posted Nov 26, 2019 20:48 UTC (Tue) by roc (subscriber, #30627)In reply to: Bad Binder: Android In-The-Wild Exploit (Project Zero) by Vipketsh
Parent article: Bad Binder: Android In-The-Wild Exploit (Project Zero)
> In summary, what I'm trying to say is: "please provide arguments why applying 'possible security issue' labels woudn't converge to one of the above".
Sure. The experience of many projects is that that hasn't happened. In Firefox, for example, developers make good-faith efforts to call out bugs that are security issues, and a memory corruption bug is treated by default as exploitable, but the project certainly has not collapsed to "all bugs are security issues". In fact I can't think of any project other than the Linux kernel where developers are explicitly against trying to call out bugs as security issues. So I think the kernel community needs arguments to support the proposition that they are special and can't do what other projects do.