A Word on Solutions (edit source code)

Oftentimes you will see a VDB or researcher disclosure offer the solution “Edit the source code to ensure that input is properly sanitised.” I’ve never been fond of this for several reasons. First, and probably the most obvious: duh? If I proclaim “send food to the hungry,” have I now provided a solution for world hunger? No need to debate semantics or definitions; the bottom line is I haven’t (or we wouldn’t have the problem anymore). So offering a solution of “editing the source to sanitize input” is about as helpful as my solution. Second, if the solution were really so easy, wouldn’t the developers have done it in the first place? Couldn’t we apply such advice to all programs from all projects? Third, most users and administrators don’t have the programming experience to make such source code changes. Even if they did, most simply don’t have the time to edit every package they may use, let alone fully test their changes and ensure functionality and security.
