Many security vulnerabilities do not have exploit code, so they cannot be added to a test suite to ensure that they do not regress. One scenario: a security patch is applied to the release branch for a quick patch release, but is never applied, or is misapplied, to the trunk.
A painstaking project would be to go back through every published vulnerability of a piece of software to see if it has regressed.
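The release-branch scenario above can be checked mechanically by comparing each release-branch fix against the changes that landed on trunk. The sketch below is an added example, not code from the original post; it uses a simplified stand-in for `git patch-id` (hashing only added and removed lines, ignoring line offsets and whitespace), and the diffs, file names and fix names are constructed sample data.

```python
import hashlib

def patch_id(diff_text):
    """Simplified stand-in for `git patch-id`: hash only the added and
    removed lines, ignoring headers, hunk offsets and whitespace."""
    h = hashlib.sha256()
    for line in diff_text.splitlines():
        # File headers and hunk positions differ per branch, so skip them.
        # (Simplification: a removed line whose text starts with "--"
        # would be misread as a header here.)
        if line.startswith(("+++", "---", "@@")):
            continue
        if line.startswith(("+", "-")):
            h.update((line[0] + "".join(line[1:].split()) + "\n").encode())
    return h.hexdigest()

def unported_fixes(release_fixes, trunk_diffs):
    """Names of release-branch fixes with no equivalent change on trunk."""
    trunk_ids = {patch_id(d) for d in trunk_diffs}
    return [n for n, d in release_fixes.items() if patch_id(d) not in trunk_ids]

# Constructed sample data (hypothetical files and fix names).
FIX_A_RELEASE = """--- a/parse.c
+++ b/parse.c
@@ -40,2 +40,4 @@
 len = read_len(buf);
+if (len > MAX_LEN)
+    return -1;
 copy(dst, buf, len);
"""
# Same change on trunk, landing at a different line offset.
FIX_A_TRUNK = FIX_A_RELEASE.replace("@@ -40,2 +40,4 @@", "@@ -112,2 +112,4 @@")
FIX_B_RELEASE = """--- a/auth.c
+++ b/auth.c
@@ -10,2 +10,3 @@
 tok = get_token(req);
-if (tok)
+if (tok && !expired(tok))
+    audit(tok);
"""
# Misapplied on trunk: one added line was dropped during the port.
FIX_B_TRUNK = FIX_B_RELEASE.replace("+    audit(tok);\n", "")

if __name__ == "__main__":
    release = {"fix-A": FIX_A_RELEASE, "fix-B": FIX_B_RELEASE}
    print(unported_fixes(release, [FIX_A_TRUNK, FIX_B_TRUNK]))
```

A fix that was ported at a different offset matches; one that was skipped or only partly applied is reported for manual review.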