New comment by 3kahg in "Project Glasswing: An Initial Update"

3kahg — Fri, 22 May 2026 22:30:46 +0000

It is the opposite. Security people focus on curl, sudo because they are code bases that contained a lot of features and unused code from the 1990s.

They don't focus on projects where they find nothing. They certainly don't advertise when they find nothing.

Getting a lot of scrutiny is not the recommendation that it appears to be. What is the new standard? Projects that never have bugs are deemed to be suspect because they "have not been scrutinized" (they have, but null results never go public)?

So Mythos only finding one issue after other tools have found 300 this year is embarrassing. Mythos was supposed to be better and novel.

Hacker News: 3kahg

New comment by 3kahg in "Project Glasswing: An Initial Update"