# Gavin Andresen
# 2012-06-21 13:49:58
# https://bitcointalk.org/index.php?topic=88892.msg979718#msg979718

In the 0.6.3 thread Graet asks a good question:  what's do we mean by "critical" versus "serious" vulnerability? @p{par}

Here's what those terms mean to me.  All examples are hypothetical: @p{par}

A critical vulnerability is one that will have disastrous consequences if it is exploited. Examples might be a remote code exploit, a bug that somebody could use to take down the entire bitcoin network, or a bug that could be exploited to steal your entire wallet. @p{par}

A serious vulnerability is one that will have serious consequences if it is exploited.  Examples might be a bug that can be triggered by network traffic and will cause the software to stop working or a bug that could be exploited to misdirect your next bitcoin transaction so it goes to an attacker instead of the intended recipient. @p{par}

The 0.6.3 denial-of-service problem I consider "serious" @p{--} an attacker who figures out exactly what the vulnerability is (we haven't disclosed that yet) can make bitcoind or Bitcoin-Qt stop processing transactions. @p{par}

Then there are run-of-the-mill vulnerabilities; things like Sybil attacks that require an attacker to round up hundreds or thousands of machines, or denial-of-service attacks that require that the attacker be able to send the victim gigabytes of network traffic. Dealing with these often doesn't even merit a mention in the release notes, because they affect so few people and require an attacker willing to spend a fair bit of money and/or effort just to be annoying. @p{par}