Security release criterion proposal
Pavel Kankovsky
peak at argo.troja.mff.cuni.cz
Sun May 22 15:39:47 UTC 2011
On Wed, 18 May 2011, Adam Williamson wrote:
> # There must be no known remote code execution vulnerability which could
> be exploited during installation or during use of a live image shipped
> with the release
A vulnerability does not need to involve code execution to be serious
enough. Consider a remotely exploitable vulnerability making it possible
to read any files. Or to send email (read: spam). Or to delete or corrupt
data.
(On the other hand, arbitrary code execution may be a mere nuisance
as long as it is confined properly.)
--
Pavel Kankovsky aka Peak / Jeremiah 9:21 \
"For death is come up into our MS Windows(tm)..." \ 21st century edition /