Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

If you hesitate to fix security bugs out of fear of introducing new security bugs that's the point at which you have to hire better programmers.


But you're going to introduce them anyway. Sure, hire the best programmers that you can. But recognize that your rewrite is going to introduce new bugs (funny, your answer to that was "deal with it" instead of "hire better programmers"). And recognize that, better programmers or no, some of those new bugs are going to be security bugs.

Now, that may still be better than the current situation. But glibly saying "just hire better programmers" means you're hiding your head in the sand.


Taking precautions can always backfire but would you argue that the status quo is preferable to taking those precautions in this case?


flowerlad seems to have the position that only security bugs matter; other bugs can be dealt with. I disagree with that position - non-security bugs can also be devastating. Second, even if you accept the starting position, I disagree with the idea that re-writing C++ code in Rust will remove all the security bugs.

So there's two categories of "taking those precautions". One is "fix security bugs", which, yes, of course take those precautions.

But the second category of "taking those precautions" is "re-write the whole thing in Rust". That's much more questionable whether it's worth it. How much time and effort will the rewrite take? What else could those people do with that much time? How bad are the security holes? How bad will it be to introduce the new bugs? What fraction of security holes will be closed by the rewrite?

flowerlad's idea seems to be that, in light of this latest attack, it's worth going to any lengths to fix every security hole. I think that idea is mistaken.

And, which software are we talking about? The network stack? Excel? Everything ever written in C/C++? The trade-offs are different for each piece of software. And if the answer is "everything", that sounds like roughly a decade of work for the entire software engineering workforce. That seems totally unrealistic, even in light of this latest attack.

Look, the attack was huge. I'm not trying to minimize it at all. But it still isn't worth the measures that flowerlad proposes.


> If you hesitate to fix security bugs out of fear of introducing new security bugs

I never say that. But maybe you just don't need to rewrite the whole project to fix some bugs? Sometime it is maybe the right answer but it should not be the default answer.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: