Re: NVDA updates for security fixes


 

I'll also add that most end users, and I include myself in that group, will not understand a very great many security issues and never will.

If you want a short article, with links to primary sources in it, regarding what "the security geeks" use then see this article from Red Hat Linux: What is a CVE?

And in application software, such as NVDA, vulnerabilities are not frequently directly linked to a CVE, but are discovered by other means and fixed with little fanfare.

There is an old phrase, "Security by obscurity," and it's said, accurately, that you cannot count on that.  But, the converse is, it still helps to keep the public safe.  It is standard practice to keep identified vulnerabilities under wraps, both prior to and after fixes, because giving the gory details opens them up to exploitation.  And given what we know about end users clutching out-of-support software for dear life, if the "how to manual" for compromising same were to routinely be made common knowledge it would encourage a lot more amateur hacking "for the sake of practice" and make a lot more lives miserable.

Thus, all you're often going to get is the phrase, "security fixes."  That's very deliberate.
--

Brian - Windows 10, 64-Bit, Version 21H2, Build 19044  

Constantly insisting on “my rights” with no consideration of “my responsibilities” isn’t “freedom” — it’s adolescence.
     ~ Commenter, Evangelos, in comments for
         America 2022: Where Everyone Has Rights and No One Has Responsibilities,
        New York Times, February 8, 2022

 
