> Our threat model is that all software developers make mistakes, and sometimes ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		grandempire 10 months ago \| parent \| context \| favorite \| on: Compiler Options Hardening Guide for C and C++ > Our threat model is that all software developers make mistakes, and sometimes those mistakes lead to vulnerabilities That’s not a threat model. What are the attackers going to do if there are vulnerabilities in your executable? Is it connected to a web server? Does it have access to privileged resources?

steveklabnik 10 months ago [–]

They're using it in the sense of "the scope of this document covers this scenario," so the answer to all of your questions are out of scope.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact