Bugtraq mailing list archives
Re: Breeze Network Server remote reboot and other bogosity.
From: mudge () L0PHT COM (Dr. Mudge)
Date: Fri, 1 Jan 1999 16:27:50 -0500
On Thu, 31 Dec 1998, Mike Pelley wrote:
production machine. I explained that we had some things to work on, and that we had a security review planned after we had ensured that the machine was stable and functional.
When are vendors going to realize that security needs to be thought of at other points in the game then 'after-the-fact'? I'm not familiar with this particular product but I am, unfortunately, familiar with companies and product teams that follow this same backwards development routine. If you design with security in mind from the beginning you get a better product that is easier to maintain / verify. If you design the product and then think of security after the fact you are left with duct-tape and bubble-gum kludges as fixes. Is it me or is the industry taking a *really* long time to catch on to this? .mudge
Current thread:
- Re: Anonymous Qmail Denial of Service, (continued)
- Re: Anonymous Qmail Denial of Service Trev (Jan 04)
- Vulnerability database workshop Gene Spafford (Jan 04)
- Re: Anonymous Qmail Denial of Service Nick Andrew (Jan 04)
- Improved icmp time/mask querying program David G. Andersen (Jan 04)
- Re: Anonymous Qmail Denial of Service Illuminatus Primus (Jan 04)
- Re: Anonymous Qmail Denial of Service Nick Maclaren (Jan 04)
- Sendmail 8.9.2 released Patrick Oonk (Jan 04)
- SUN almost has a clue! (automountd) (fwd) Robert Borrell (Jan 04)
- Re: SUN almost has a clue! (automountd) (fwd) Bojan Zdrnja (Jan 05)