Whenever you hear about a vulnerability, these are some of the questions you should ask yourself:

1. How long has that been there?

2. In how many other places in the code has this, or something similar, happened that just hasn't been found yet?

3. Why wasn't this caught in code review?

4. Why wasn't it caught in automated testing?

5. Why wasn't it caught in manual testing?

6. Will any of the above things be improved to catch future vulnerabilities before they make it into a release?

These are at least as important as:

A. How would I know if I were exploited?

B. Has anyone seen this being exploited in the wild?

C. Is there a public exploit for this vulnerability?

And if the answer to #6 starts with "We take security very seriously...", consider switching to something else. That's a huge red flag that the PR department is the one responding to the vulnerability.

#security #infosec #cyber #cybersec #cybersecurity #privacy #vuln #vulnerability #exploit
