
Knowing a half-truth is as bad as knowing nothing. Half the time I will do useless mitigations because actually I would have been unaffected. The other half I will do the wrong thing because of incomplete reporting.


> Knowing a half-truth is as bad as knowing nothing.

This is assuming the perfect user who even understands the bug and the full impact. Everyone is working with half-truths already, in which case by your logic they may as well know nothing.


This is true of even disclosures with all information available.

I can't count how many people did incorrect or unnecessary fixes for log4shell, even months after it was disclosed.



