We can argue all we want about CI infrastructure, manual testing, test nets/deployment, staged deployment.
All of that is secondary: they wrote and shipped code that blindly loaded and tried to parse content from the network, and crashed when that failed. In kernel mode.
Honestly it’s probably good that this happened, because presumably someone malicious could use this level of broken logic to compromise kernel space.
Certainly the trust they put in the safety of parsing content downloaded from the internet makes me wonder about the correctness of their code for reading data from userspace.
All of that is secondary: they wrote and shipped code that blindly loaded and tried to parse content from the network, and crashed when that failed. In kernel mode.
Honestly it’s probably good that this happened, because presumably someone malicious could use this level of broken logic to compromise kernel space.
Certainly the trust they put in the safety of parsing content downloaded from the internet makes me wonder about the correctness of their code for reading data from userspace.