Davidbrcz 6 hours ago
Don't worry about C or C++, we create the vulnerabilities ourselves!

GuB-42 4 hours ago
I get the joke, but that makes me think. What is worse between writing potentially vulnerable code yourself and having too many dependencies? Finding vulnerabilities and writing exploits is costly, and hackers will most likely target popular libraries over your particular software: much higher impact, and it pays better. Dependencies also tend to do more than you need, increasing the attack surface. So your C code may be worse in theory, but it is a smaller, thus harder-to-hit target. It is probably an advantage against undiscriminating attacks like bots and a downside against targeted attacks by motivated groups.