• cmnybo
    48 upvotes · 1 year ago

    There sure have been a lot of CVEs in the last couple of weeks!

    • PeWu@lemmy.ml
      15 upvotes · 1 year ago

      For real. One with .webp, one with privilege escalation, and now this.

    • OsrsNeedsF2P@lemmy.ml
      14 upvotes · 1 year ago

      Canonical has been aggressively expanding their security team, and Levels.fyi showed last quarter that security researchers were some of the highest-paid forms of software development.

      Doesn’t guarantee anything long-term, but there are a few suggestions that security has gotten a larger focus lately.

      • P03 Locke@lemmy.dbzer0.com
        4 upvotes · 1 year ago

        Good. There’s so much chain of trust in the OSS community that it’s hard to keep up with the tens of thousands of libraries that literally hold up the Internet.

        It’s a shame we discover these critical bugs so late in the process, but at least we discover them at all…