Yes, I agree — I think Carlini's point was that even the current situation is very bad for security, but also that it may get worse and it's worth planning for that eventuality.
In a past corporate job, my team had occasional "bug weeks", where the focus was only on reducing the backlog of known problems, and no new features were worked on. That kind of thing is much harder for an open-source project without central management to decide on, but I have been wondering for the past few days whether a kind of deliberate effort toward having a large number of people in the kernel community focus on security problems will turn out to be necessary.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。