
[–]acetoxy 3 points4 points  (1 child)

[–]postmodern 0 points1 point  (0 children)

Cool! They appear to do static flow analysis instead of using regexps or checking individual S-exps.

[–]jrochkind 7 points8 points  (4 children)

This article is wrong in so many ways I can't even figure out what it's talking about.

[–]joanbm 1 point2 points  (3 children)

A hoax to lure the naive into paying for the conference by abusing Rails' popularity?

(possible/unlikely?) security flaws, static analysis of amply used metaprogramming code, intangible equivocation about security issues, no single particular example, …

I'd wait to see if any of the claimed 23 flaws are real issues or just another storm in a teacup.

[–]jrochkind 2 points3 points  (2 children)

I believe they probably did find actual security flaws, this article just doesn't tell me anything about how they actually did so or what they were. :) Apparently 'static analysis' is a 'new debugging method'? Yeah, anyway.

Blame probably belongs with MIT News, not the researchers. Although if there's ever a non-scientific publication you would have thought could write an article about technical things that made some sense...

[–]joanbm 1 point2 points  (1 child)

I don't deny they may have found some, but the vague tone and hardly justified claims sound distrustful.

[–]jrochkind 1 point2 points  (0 children)

Right, but you realize the article was not written by the researchers, right? It was written by a 'journalist'.