A turning point for CVE numbers

Posted Feb 15, 2024 15:07 UTC (Thu) by bferrell (subscriber, #624)
In reply to: A turning point for CVE numbers by marcH
Parent article: A turning point for CVE numbers

We need to look at why those amateurs are being hired. It's not JUST in code this is happening.

There are simply not enough "qualified" individuals to support the "I want it NOW" world we have. And I don't mean in any given country. So, it's become grab a warm body that comes close, pay the going rate and pray.

If you think the people doing code are under paid, you likely thing they ought to be paid like rock stars... And that too is part of the problem.

A turning point for CVE numbers

Posted Feb 15, 2024 16:11 UTC (Thu) by marcH (subscriber, #57642) [Link]

You're right: as long as the market is happy to keep buying buggy, insecure and unmaintained products that happen to use Linux then who am I to tell anyone to stop making them.

But still: don't come and complain that some Linux branches are buggy when you got them for free and did barely any QA on them yourself. You got what you paid for.

I think there is a perception problem because quality is even less tangible than lines of code. But good companies making quality products (Linux-based and not) know very well how much it's really worth.