[arch-security] Openssl flaw

G. Schlisio g.schlisio at dukun.de
Tue Apr 8 09:34:05 EDT 2014

> Why?  Just list every piece of software since the day it was first
> released.  That would be accurate.

i'm not sure, we understand each other.
if i understand you correct, you think, that vulns are in the software
mainly from the beginning until they are fixed.
but in this special case it was introduced with a new release.
my point was, that the exposure time might be an important information.
a long exposure like in this case means, that this vuln could have been
exploited systematically, while an exposure time of a day makes
widespread exploits far less likely.

More information about the arch-security mailing list