QOTD on Disclosure & Risk

I believe that there is a preponderance of vulnerabilities to the extent that, although patching vulnerabilities does lead to a smaller attack surface, the attack surface is so large that this is inconsequential to the net impact on risk. That is, the reduction in attack surface does not outweigh the increase in threat arising from this discovery and disclosure process. -- Pete Lindstrom, Research Director for Spire Security
Src: Rudeness, risk and vulnerability disclosure | Spire Security Viewpoint

No comments: