  • SECURITY.txt: Drop "exploitable" in reference to hardening issues · e9f2c6d2
    Siddhesh Poyarekar authored
    
    The "exploitable vulnerability" may lead to a misunderstanding that
    missed hardening issues are considered vulnerabilities, just that
    they're not exploitable.  This is not true, since while hardening bugs
    may be security-relevant, the absence of hardening does not make a
    program any more vulnerable to exploits than without.
    
    Drop the "exploitable" word to make it clear that missed hardening is
    not considered a vulnerability.
    
    Signed-off-by: Siddhesh Poyarekar <siddhesh@gotplt.org>
    
    ChangeLog:
    
    	* SECURITY.txt: Drop "exploitable" in the hardening section.