
Apart from the legal stuff and a lot of egocentric 'we can do it better', she has one point. There are many companies giving a lot of money for security, manually scrubbing all exploits that come out, creating their own patches, while some lack the basic security guidelines. I think this money can be better spent upstream, to create tools so they can test patches for exploits better and create a faster security update release pipeline, so that all downstream and customers can rely on the security releases and that it can be released quicker to everyone. (Controversial: Maybe even adding automatic security updates to the package itself, like WordPress did, so that customers cannot be on a release with exploits)

Though saying to your client that they cannot reverse engineer to look for security problems is totally not done! What is next? "Exploits will not be fixed, because the users have signed an agreement that they will not hack?"




_She_ has that point (Mary Ann).



