Remix.run Logo
beanjuiceII an hour ago

one bug is all it takes

bell-cot an hour ago | parent | next [-]

In theory.

But real defenses are generally multi-layered. And in that context, a Swiss cheese slice with only one hole is still extremely valuable.

JCattheATM an hour ago | parent [-]

Well, that's where OpenBSD falls short, it lacks facilities to really enforce defense in depth - even NetBSD has some better features in this regard.

Analemma_ an hour ago | parent | prev [-]

LPEs do need to be fixed, but for most people it's not a threat model they need to worry about.

dathinab an hour ago | parent [-]

this is a misconception

yes, most company settings don't run untrusted code, and OpenBSD is mostly used for servers not employee devices

but that doesn't mean LPEs aren't quite relevant, because they matter for pretty much everyone if combined with other vulnerabilities, like RCE, supply chain attack etc.

and while RCE are becoming less common, supply chain attacks have been increasingly more common