Dailydave mailing list archives
Re: Security people are leaches. [sic]
From: RB <aoz.syn () gmail com>
Date: Fri, 7 Aug 2009 21:17:54 -0600
On Fri, Aug 7, 2009 at 11:41, Aaron <apconole () yahoo com> wrote:
> The 'shades of grey' only exist to security people. To no one else is it important that a bug disclose information, allow invalid root access, or escalate privileges.
Rather, 'shades of grey' only exist to critical thinkers who actually understand the problems. If you really think privilege escalation and information disclosure are esoteric problems that should be relegated only to "security people", I know a few thousand non-security system administrators that would like you to stop whatever you're doing and go flip burgers. Pretending that there is no such thing as a security bug is a childish pretense and is the equivalent of closing your eyes and assuming nobody's there because you can't see them.
> So the point still stands, why burden the average kernel developer/debugger to do security research work for the security researcher?
Because, although rather vocal, researchers compose a numerically insignificant subset of the security "industry". The vast majority are sysadmins, engineers, and programmers that need to prioritize fixes based not only on functionality but on exposure as well. The expectation is not for kernel developers to perform ad nauseam security analysis of bugs, but for them to exercise due diligence and not suppress security information.