| ▲ | jopsen 2 hours ago | |
The specification doesn't have to be. But yeah, writing specs is usually harder than reviewing the code 4 times :) | ||
| ▲ | walnut_water an hour ago | parent [-] | |
It kinda does. See WPA2 KRACK, you could've had a formally verified WPA2 implementation and it still would've been exploitable because the flaw was the specification itself. | ||