Dailydave mailing list archives
Re: The lack of hard questions
From: dan () geer org
Date: Mon, 01 Sep 2008 22:23:29 -0400
Mike Reavey writes: -+----------------- | Hey folks - we're here, watching this thread. Send us your | questions, either directly to msrcteam () microsoft com or to the | list. We'll answer them here:blogs.technet.com/ecostrat in a | future post. One question I've always wanted to know is based on partial knowledge on my part. As I recall the story -- and this is subject to correction -- back when one CD's worth of Windows source was posted on the Internet new exploits began appearing in perhaps a fortnight. That was interesting inasmuch as it proved that amateurs could do it via source analysis and, which is more, this is about the time when MSFT began providing source to a number of governments as part of the monopoly defense -- including countries had (have) competent national laboratories, e.g., Russia. So my questions: what sort of vulns do you get back from foreign governments and, assuming that they don't share except with you, how often are what those governments discover previously unknown, how often are the vulns that are discovered discovered independently, and do you ever see exploits of vulns that have only been identified by governments (and do those exploits correlate with the nature of who is doing the discovering)? A white paper on your efforts to avoid being a vector of cyber warfare would serve, should one be handy. In respect, --dan _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- The lack of hard questions Dave Aitel (Aug 26)
- Re: The lack of hard questions security curmudgeon (Aug 26)
- Re: The lack of hard questions Dave Aitel (Aug 26)
- Re: The lack of hard questions Mike Reavey (Sep 01)
- Re: The lack of hard questions dan (Sep 02)
- Re: The lack of hard questions Dave Aitel (Aug 26)
- Re: The lack of hard questions security curmudgeon (Aug 26)
- Re: The lack of hard questions Charles Miller (Aug 26)
- Re: The lack of hard questions Pusscat (Aug 27)
- Message not available
- Re: The lack of hard questions Charles Miller (Sep 01)
- Re: The lack of hard questions ergosum (Sep 01)
- Re: The lack of hard questions Charles Miller (Sep 02)
- Re: The lack of hard questions Matt (Sep 03)
- Re: The lack of hard questions Pusscat (Sep 03)
- Re: The lack of hard questions Pusscat (Aug 27)
- Re: The lack of hard questions Matthieu Suiche (Sep 02)
- Re: The lack of hard questions Charles Miller (Sep 03)
- Re: The lack of hard questions Trygve Aasheim (Sep 03)