I do not disagree. In fact, I personally have a problem with all non-vendor vuln... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		tptacek on July 12, 2015 \| parent \| context \| favorite \| on: Two more Flash 0-days emerge in Hacking Team leak I do not disagree. In fact, I personally have a problem with all non-vendor vulnerability sales, for the same reason. I just think we should be clear that exploit developers, brokers, and users don't actually create vulnerabilities; software companies do. I also think people should give Adobe a little bit of a break --- not much of one, but a little. Adobe got monstrously successful off a codebase that largely predates the concept of software security. It's a nightmare problem for them, and they are working on it. They should work harder.

reagency on July 12, 2015 [–]

Macromedia/Adobe has had 15 years to respond to the news that Internet security matters. 15 years.

tptacek on July 12, 2015 | [–]

15 years ago a pretty sizable chunk of the industry thought heap overflows weren't exploitable for code execution, so I don't think that's the right interval.

onida on July 13, 2015 | | [–]

Then what is?

Consider applying for YC's Summer 2026 batch! Applications are open till May 4
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact