tptacek 4 days ago

Again: introducing surprising correctness bugs? Crashing programs? Absolutely. I don't know how many different ways I can say that my concern here is the misuse of a security term of art. Dropbox engineers do not have as a rite of passage introducing or finding RCE vulnerabilities in Go code. Would that it were so! My job would be much more interesting.

zozbot234 4 days ago

> correctness bugs? Crashing programs? Absolutely.

Denial of service can absolutely be a security issue, as can any correctness bug if it leads to unintended behavior or corrupted data.

tptacek 4 days ago

If that's where we're at, where unhandled exceptions are the security issues we're hanging on, I'll consider my argument won.

zozbot234 4 days ago

That might be a reasonable argument if you were guaranteed an unhandled exception in this instance. Unfortunately that's not the case.

tptacek 4 days ago

If you could demonstrate something better than that, we wouldn't be arguing about the severity of DOS attacks.