• Dran@lemmy.world
    link
    fedilink
    English
    arrow-up
    31
    arrow-down
    1
    ·
    1 month ago

    Because that bug was so egregious, it demonstrates a rare level of incompetence.

    • NaibofTabr@infosec.pub
      link
      fedilink
      English
      arrow-up
      21
      ·
      1 month ago

      that bug was so egregious, it demonstrates a rare level of incompetence

      I wish so much this was true, but it super isn’t. Some of the recent Cisco security flaws are just so brain-dead stupid you wonder if they have any internal quality control at all… and, well, there was the Crowdstrike thing…

      • Dran@lemmy.world
        link
        fedilink
        English
        arrow-up
        20
        ·
        edit-2
        1 month ago

        Idk, this was kind of a rare combination of “write secure function; proceed to ignore secure function and rawdog strings instead” + “it can be exploited by entering a string with a semicolon”. Neither of those are anything near as egregious as a use after free or buffer overflow. I get programming is hard but like, yikes. It should have been caught on both ends

      • BigDanishGuy@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 month ago

        Some of the recent Cisco security flaws are just so brain-dead stupid you wonder if they have any internal quality control at all

        At the super budget prices Cisco charges, do you really expect quality control to be included? You’ve got to buy a quality control subscription for that. /s