Richard Bucker

CVE Says What?

Posted at — Jul 29, 2021

I find it funny and ironic that geeks and nerds that decided Windows is buggy and lacks geek-cred that switched to Linux … are exposed to a shit-ton of CVEs there too. Google is blaming some of it on programmer experience and their tools (enter Rust-lang). But the fact remains… it’s vulnerable.

A simple CVE search:

Separately supply chain appeared 191 times.

While that is a simple text search… the currated OS reports paint almost the same picture. Windows and Linux are not your friend. Too much code. Too many developers. Too many inexperienced developers. Not invented here syndrome.

I really need to change my mission statement and my toolchain.

Consider that many and maybe most firewall vendors use OpenBSD or FreeBSD. While Ubiquiti uses EdgeOS based on Debian Linux they built it themselves.