By PeteH on Apr 16, 2009
Way back in 2000 I had the following insight on security bugs and had this weird urge nine years later to share it. I can't believe it's original...
Security fixes are different from every other kind of fix. As every good troubleshooter knows, when problems occur something almost invariably has changed. For most bugs it is something like load, configuration and so on which can be undone.
With security bugs it is knowledge that has changed and a security weakness can't be unlearned by the world at large.
I don't have insights like that very often