-
Siddhesh Poyarekar authored
The "exploitable vulnerability" may lead to a misunderstanding that missed hardening issues are considered vulnerabilities, just that they're not exploitable. This is not true, since while hardening bugs may be security-relevant, the absence of hardening does not make a program any more vulnerable to exploits than without. Drop the "exploitable" word to make it clear that missed hardening is not considered a vulnerability. Signed-off-by:Siddhesh Poyarekar <siddhesh@gotplt.org> ChangeLog: * SECURITY.txt: Drop "exploitable" in the hardening section.
Siddhesh Poyarekar authoredThe "exploitable vulnerability" may lead to a misunderstanding that missed hardening issues are considered vulnerabilities, just that they're not exploitable. This is not true, since while hardening bugs may be security-relevant, the absence of hardening does not make a program any more vulnerable to exploits than without. Drop the "exploitable" word to make it clear that missed hardening is not considered a vulnerability. Signed-off-by:
