| ▲ | simonw 5 days ago | |
The lack of a 100% guarantee is entirely the problem. If you get to 99% that's still a security hole, because an adversarial attacker's entire job is to keep on working at it until they find the 1% attack that slips through. Imagine if SQL injection of XSS protection failed for 1% or cases. | ||
| ▲ | jonplackett 5 days ago | parent [-] | |
Even if they get it to 99.9999% (ie 1 in a million) That’s still gonna be unworkable for something deployed at this scale, given this amount of access to important stuff. | ||