[Date Prev][Date Next][Thread Prev][Thread Next]
- Subject: Re: future of bytecode verifier
- From: Florian Weimer <fw@...>
- Date: Wed, 04 Mar 2009 23:02:24 +0100
* Luiz Henrique de Figueiredo:
> The whole point is that providing a bytecode verifier that is flawed
> (even if it's only in malicious code) gives you an illusion of safety.
> And this is as bad, or actually worse, than having no verifier.
You might also have to deal with PR fallout due to people disclosing
security vulnerabilities in the verifier, no matter how irrelevant
they are in practice.