someone wrote:
So long as this is easily user configurable, then I don't see this as a huge
risk.
Right - low risk. At this stage, we're into idle speculation as to
finding some weirdo threat.
Don't be tempted by movie plot threats. What you want to do now is
declare it low risk, refer to the conversation, and make the judgement
call: "this risk is accepted. I say it again. The risk of vibration
abuse is not mitigated. So there!"
Then, you go out there into the marketplace, *accepting the risk* and if
there is any reason why you got it wrong, the market will find the
reason and tell you. Say sorry, update, move on.
In all risk modelling, you must accept some risks.
The common trap with trivial risks is that because we can mitigate them,
we do so, instead of accepting them. Meanwhile, by wasting time
mitigating unimportant risks, we distract from other more important
risks...... which require more brain power to deal with.
The common trap with hard risks is that we declare them /out of scope/
because we haven't figured out how to mitigate them.
iang
_______________________________________________
dev-security mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security
