Dailydave mailing list archives
Re: NISCC's culmination of sitting on an ISAKMP vulnerability for 4 months
From: Florian Weimer <fw () deneb enyo de>
Date: Mon, 14 Nov 2005 17:27:38 +0100
* Dave Aitel:
And SPIKE and PeachFuzz are free, after all, as long as your corporate guidelines don't prohibit you from using GPL software the way MS's does. :>
There never was an anti-GPL policy at Microsoft. Moreover, GCC is the system compiler of Interix. 8-) A couple of years ago, they simply had a lot of trouble attracting people with broad cross-platform skills (outside Microsoft Research, of course). I wouldn't feel comfortable integrating obscure software running on obscure platforms (which nobody on my team knows in detaiL) into my development process, either. Regarding the lack of CVE IDs, I'd bet that vendors don't tell each other which bugs in which code the test suite has uncovered, which means that you cannot assign meaningful CVE IDs. AFAIK, MITRE isn't too happy about shotgun testing and the mess it causes.
Current thread:
- NISCC's culmination of sitting on an ISAKMP vulnerability for 4 months Paul Wouters (Nov 14)
- Re: NISCC's culmination of sitting on an ISAKMP vulnerability for 4 months Dave Aitel (Nov 14)
- Re: NISCC's culmination of sitting on an ISAKMP vulnerability for 4 months Paul Wouters (Nov 14)
- Re: NISCC's culmination of sitting on an ISAKMP vulnerability for 4 months Florian Weimer (Nov 14)
- Re: NISCC's culmination of sitting on an ISAKMP vulnerability for 4 months Adam Shostack (Nov 14)
- Re: NISCC's culmination of sitting on an ISAKMP vulnerability for 4 months Florian Weimer (Nov 14)
- Re: NISCC's culmination of sitting on an ISAKMP vulnerability for 4 months Dave Aitel (Nov 14)
- Re: NISCC's culmination of sitting on an ISAKMP vulnerability for 4 months Paul Wouters (Nov 14)
- Re: NISCC's culmination of sitting on an ISAKMP vulnerability for 4 months Adam Shostack (Nov 14)