[arch-security] Openssl flaw
g.schlisio at dukun.de
Tue Apr 8 09:34:05 EDT 2014
> Why? Just list every piece of software since the day it was first
> released. That would be accurate.
i'm not sure, we understand each other.
if i understand you correct, you think, that vulns are in the software
mainly from the beginning until they are fixed.
but in this special case it was introduced with a new release.
my point was, that the exposure time might be an important information.
a long exposure like in this case means, that this vuln could have been
exploited systematically, while an exposure time of a day makes
widespread exploits far less likely.
More information about the arch-security