security/will-appear.md: mention learning

Closes #125
bagder · Jan 7, 2025 · 521409f · 521409f
1 parent a786909
commit 521409f
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 0 deletions.
diff --git a/security/will-appear.md b/security/will-appear.md
@@ -24,3 +24,15 @@ sure that parts of your audience will react badly.
 They will think that because you published a security vulnerability, your
 project has a bigger problem of insecurity. As if not all actively developed
 projects get these problems, either open or proprietary.
+
+## Learn
+
+Every security incident is a chance to learn. Mistakes are for learning. Why
+did this error slip through and cause this problem? What code pattern can we
+detect or prohibit to prevent this or similar mistakes to happen again?
+
+This is hard. In my experience, most security problems feel like one-offs and
+rare circumstances that happened because of strange changes and your own
+stupidity. Seeing patterns and adjusting ways of working to prevent future
+flaws is difficult work but should always be attempted, to make the most out
+of every CVE.
diff --git a/wordlist.txt b/wordlist.txt
@@ -14,6 +14,7 @@ CLAs
 configs
 Corola
 cURL
+CVE
 CVEs
 distro
 distro's
-Original file line number
+Diff line change
@@ Expand Up / @@ -14,6 +14,7 @@ CLAs @@
     configs
     Corola
     cURL
+    CVE
     CVEs
     distro
     distro's
@@ Expand Down @@