guy wrote:Isn't that just saying that code re-use is bad practice because it equates to vulnerability re-use?
If that is true, it also equates to re-use of vulnerability fixes.
If you have 100 apps all with their own statically compiled version of a library and a vulnerability is found and fixed, you have to wait for all 100 projects to update their code before you are safe from that vulnerability.
The same applies to other improvements to the code, be it bug fixes or better performance.
"Insanity: doing the same thing over and over again and expecting different results." (Albert Einstein)