undefined | Better HN

0 pointsshukantpal4y ago0 comments

However, one does not conclude from the other as is insinuated in the comment.

0 comments

If all products have CVEs, and CVEs are a form of defect, then it follows quite naturally that highly defective products will have CVEs, likely more than less defective products.

So yes. Yes it does. Unless you meant that CVEs imply garbage code, in which case I think you read the comment wrong.

kruczek4y ago

But here we're talking about one particular CVE:

> everyone is now aware of the awful engineering practices that underpin their products

This one fault doesn't tell anything about overall quality of the product.

arghwhat4y ago

This is a complete misunderstanding caused by not readinf the first half of the first sentence of the comment.

The full sentence:

> The good thing about the fact that Atlassian offers both on-prem and cloud versions of their offerings is, everyone is now aware of the awful engineering practices that underpin their products.

I.e., because the software is available for on-prem deployment, we have experience deploying, managing and debugging it, and therefore know that it is garbage, and we can apply this knowledge to conclude that their cloud offering is garbage.

It does not say the product is garbage because of a CVE.

aeternum4y ago

It follows in theory but may not in practice. Certain software may have lots of defects that are not CVEs.

arghwhat4y ago

All products will have defects that are not CVEs, hopefully by a large margin.

But every sufficiently complicated product will have defects of this type, and a higher probability of defects does increase the probability of CVEs.

So, it follows in practice, as can be seen by looking at CVE rates from projects with high defect rates (web browsers, kernels, ...) vs projects with low defect rate.

Note that defect rate differences can be caused by multiple things.

j / k navigate · click thread line to collapse

0 comments

arghwhat4y ago

If all products have CVEs, and CVEs are a form of defect, then it follows quite naturally that highly defective products will have CVEs, likely more than less defective products.

So yes. Yes it does. Unless you meant that CVEs imply garbage code, in which case I think you read the comment wrong.

kruczek4y ago

But here we're talking about one particular CVE:

> everyone is now aware of the awful engineering practices that underpin their products

This one fault doesn't tell anything about overall quality of the product.

arghwhat4y ago

This is a complete misunderstanding caused by not readinf the first half of the first sentence of the comment.

The full sentence:

> The good thing about the fact that Atlassian offers both on-prem and cloud versions of their offerings is, everyone is now aware of the awful engineering practices that underpin their products.

It does not say the product is garbage because of a CVE.

aeternum4y ago

It follows in theory but may not in practice. Certain software may have lots of defects that are not CVEs.

arghwhat4y ago

All products will have defects that are not CVEs, hopefully by a large margin.

But every sufficiently complicated product will have defects of this type, and a higher probability of defects does increase the probability of CVEs.

So, it follows in practice, as can be seen by looking at CVE rates from projects with high defect rates (web browsers, kernels, ...) vs projects with low defect rate.

Note that defect rate differences can be caused by multiple things.

j / k navigate · click thread line to collapse