The Announcement Late last month there was an announcement of a “severity 9.9 vulnerability” allowing remote code execution that affects “all GNU/Linux systems (plus others)”…
I think it perfectly highlights what can happen when the risk/severity is blown out of proportion. People will latch on to that and waste precious time and energy defending that.
If the original guy had just published “CUPS has a RCE, firewall it if you haven’t already”, the issue would have been patched in the next release, and the world would have kept turning.
It was a really cool bug, and a great find, it didn’t need the hype
I think it perfectly highlights what can happen when the risk/severity is blown out of proportion. People will latch on to that and waste precious time and energy defending that.
If the original guy had just published “CUPS has a RCE, firewall it if you haven’t already”, the issue would have been patched in the next release, and the world would have kept turning.
It was a really cool bug, and a great find, it didn’t need the hype