You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@bookkeeper.apache.org by GitBox <gi...@apache.org> on 2021/01/24 02:08:06 UTC

[GitHub] [bookkeeper] AthenaXiao edited a comment on issue #2539: Using a cryptographically weak Pseudo Random Number Generator (PRNG)

AthenaXiao edited a comment on issue #2539:
URL: https://github.com/apache/bookkeeper/issues/2539#issuecomment-766275236


   Thank you so much for replying. We agree that the bug detector is unable to know the context. There might be a gap between the tools and the demands in practices. We want to collect some information to narrow down the gap. We'll so appreciate it if you can share some opinions about the following questions. Your feedback is important for us to help improve the state-of-the-art.
   
   1. What kind of supports do you think are necessary for a bug detector to be useful in practices? Take this as an example, maybe a more accurate context or demonstration of exploits is expected? 
   2. Are there any types of bugs/security vulnerabilities you want the detection tools to pay more attention to?
   3. For a verified bug/vulnerability, what kind of supports/features do you expect to help fix it?
   4. What kind of bug checker/vulnerability detection tools you are using? Do you think they are helpful? 


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org