Hacker News

helge9210, yesterday at 6:18 PM, 2 replies

https://x.com/FFmpeg/status/2006773495066464580

> Seeing as this has made the orange site, let it be known this person is a model security researcher.

> The issue was not in any FFmpeg release, and a report was sent three days after the new code was added to FFmpeg Git.

> There was no big CVE ADVISORY "MUH SECURITEH" "you need to fix this now or you will be hacked and the world will end" associated with the report.


Replies

GaryBluto, yesterday at 6:45 PM

Is the FFmpeg Twitter account managed by a developer's teenage son? No matter what point they try to convey, it's always stated in an obnoxious manner.

bgwalter, yesterday at 6:28 PM

This is another drawback of security research, but one that had already existed before "AI" with ossfuzz.

You basically cannot commit in public to the main branch and then audit and test everything 3 months before a release, because any error can be picked up, will be publicized, and will go into the official statistics.
