Security Basics mailing list archives
RE: Microsot Liability for vulnerabilities
From: "JAVIER OTERO" <jotero () SMARTEKH com>
Date: Wed, 23 Jul 2003 12:55:23 -0500
I come from IBM old machines (360, 370, 303x, 308x) working with old technology (from 60s) in hardware and software, they fail maybe one time each a month, now this "old" technology fails each year or less. Why the "new" technology fails too much? Is realy for serius bussiness? or for toy bussines? OK the computer technology is 50 years old, if we remembrer the airplanes 50 yeas ago like DC3, DC3 is MORE secure for fligth than actual system computers in general, imagine if the DC3 crash each 100 fligths, does you parents fligth? how many fligths each day? if the 1% crash MY GOOD !!!!!, How many demands ..... My 2 mexican cents. Ing. Fco. Javier Otero De Alba Grupo Smartekh Antivirus Expertos Bussiness Continuity Inftegrity 5243-4782 al 84 Ext.300 México, D.F. -----Mensaje original----- De: ~Kevin Davis³ [mailto:kevin.davis () mindless com] Enviado el: Martes, 22 de Julio de 2003 09:48 p.m. Para: security-basics () securityfocus com Asunto: Re: Microsot Liability for vulnerabilities I'm not making excuses for bad code. However, I don't feel that comparing software products to other consumer products is quite fair. One thing to keep in mind when comparing software with other products is that software and software engineering is a very young field particularly when taken in the context of selling products to the general public in any significant measure. The consumer car industry has been around for 100 years. Software standards and quality control standards are just now starting to take some semblance of shape. Add on top of that having to deal with an environment (computer hardware) which changes so fast that in less than five years it is obsolete and almost every component replaced with something different. And at the same time consumers demand ever increasing sophistication in their software. Everything becomes a moving target. It is not really even fair, IMO, to compare it to state of the art consumer electronics which often has less than desirable failure rates and product lifespans. Although there may be quite a few new components, a large portion of the design and components are typically based upon many decades and decades of proven design techniques. What about plasma TVs? They cost as much as a car, and are supposedly susceptible to burn in and a lifespan of about 1/4 of a normal TV. It is not uncommon to spend $1000's of dollars on a doctor only to have them accomplish nothing and assuming no malpractice was committed, you have no recourse to recoup your money. In fact the doctor can operate on you, you can die, and not only is he exempt from being sued, he still expects to get money for it. Big money. It mostly boils down to understanding the product/service, it's market, and the associated risks. There probably have been many fields that have had poor reliability and quality control track records in the first decade or two they offered products to the general public. Another item to throw in the mix is that the demand for *secure* consumer software is extremely new. It really hasn't come to a head until the last few years. For the longest time people were screaming at Microsoft to make a more *stable* Operating system (and rightly so) and security was much less of a concern. I do hope and expect that software will become better as the field matures. It will not happen overnight, though. It didn't with any field of any complexity. ~Kevin Davis³ What possibly could go wrong? --------------------------------------------------------------------------- ---------------------------------------------------------------------------- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- RE: Microsot Liability for vulnerabilities JAVIER OTERO (Jul 23)
- <Possible follow-ups>
- Re: Microsot Liability for vulnerabilities Ranjeet Shetye (Jul 23)
- RE: Microsot Liability for vulnerabilities dave kleiman (Jul 24)
- RE: Microsot Liability for vulnerabilities James Lee Gromoll (Jul 24)
- Re: Microsot Liability for vulnerabilities ~Kevin Davis³ (Jul 25)
- Re: Microsot Liability for vulnerabilities James Lee Gromoll (Jul 28)
- SCO vs. Linux Users (Was: Microsoft Liability for vulnerabilities) Ansgar Wiechers (Jul 28)