A brief analysis on CVE-2019-11815

So, I like the idea of TL;DR aka brief analysis (so, up voted). Now, in your analysis, you did not stopped at “technical” analysis and extended it to impact analysis as well, which, is totally a fine thing to do if you have the right background to it.

I would share my disagreement since there is an implicit justification of the issue being a non-issue since it is overblown by X, Y, Z. Since the idea of analysis is being extended, it would make sense if you could share some words on how this could have been avoided in the first place. (e.g. why such a code exist if it is not used at all, what kind of design/development best practices needs to be followed, et cetera). Or, just skip this altogether.

Read moreā€¦

Leave a Reply