On Wed, Jan 9, 2019 at 9:51 PM Saku Ytti <s...@ytti.fi> wrote: > I think this contains some assumptions > > 1. discovering security issues in network devices is expensive (and > thus only those you glean from vendor notices realistically exist) > 2. downside of being affected by network device security issue is expensive > > I'm very skeptical if either are true.
Well, it's significantly harder to look for vulns in closed source firmware which only runs on certain expensive devices. My point is that e.g. FRR is an open source software which is designed to run on the same Intel-based systems as the one which probably powers your laptop. I've received a note from FRR devs stating that they're going to get a CVE number soon. It's a good sign, though it should have happened a bit before roughly a thousand of this mailing list subscribers have been informed about the issue, but anyway. -- Töma
