
Delaying zero-day security patches for any length of time doesn't protect users.


I don't like dealing in absolutes. There are valid reasons to hold a security patch for some period of time if the cure is worse than the poison. See, for example, some of the early Spectre/Meltdown mitigations that caused a 20% performance hit.



