I'd argue that obscuring the vulnerability with UUIDs would make it more difficult for good actors (ie., someone on the marketing team) to catch as well, which reduces the likelihood of the ACTUAL issue being fixed. I don't think you can say it's objectively better than using a serial ID.

--

--

A daily programming newsletter (https://abyteofcoding.com). Twitter: https://twitter.com/AByteOfCoding

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store