That's even worse for the browser: you have to trust several orders of magnitude more code implementing a massive set of interdependent features. If we account for complexity by using a metric like "(man-years of battle-testing)/(magnitude of attack surface)", a well-tested specialized client that hasn't had many recent bug reports is a much safer choice than anything running in a browser. If you only consider the number of man-years an application has been battle-tested, you imply that design complexity and attack surface don't matter. A specialized client that only implements one protocol without any connection to the "web" is far easier to reason about and debug. They also have a monstrous attack surface because they are "web-facing". Browsers are far more battle-tested than just about any other web-facing application on your computer.