Firewall Wizards mailing list archives
Re: Re: Code Red: What security specialist don't mention in warnings(Frank Knobbe)
From: daw () mozart cs berkeley edu (David Wagner)
Date: 8 Aug 2001 19:58:52 GMT
Predrag Zivic wrote:
You were quite right to what the solution should be. Prevent is the key word. Not how to deal (although that is the part of the issue and the process) but how to prevent the problem from happening. As far as I am concerned, proper and fine grained access control is a very good prevention solution.
Huh? Access control has little to do with buggy code. All the access control mechanisms in the world don't help if your trusted code has a buffer overrun vulnerability. Access control and software assurance are orthogonal. _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Re: Code Red: What security specialist don't mention in warnings(Frank Knobbe), (continued)
- Re: Re: Code Red: What security specialist don't mention in warnings(Frank Knobbe) Darren Reed (Aug 07)
- Re: Re: Code Red: What security specialist don't mention in warnings(Frank Knobbe) Adam Shostack (Aug 07)
- Re: Re: Code Red: What security specialist don't mention in warnings(Frank Knobbe) Darren Reed (Aug 07)
- Re: Re: Code Red: What security specialist don't mention in warnings(Frank Knobbe) Predrag Zivic (Aug 10)
- Re: Re: Code Red: What security specialist don't mention in warnings(Frank Knobbe) Adam Shostack (Aug 11)
- Re: Re: Code Red: What security specialist don't mention in warnings(Frank Knobbe) Adam Shostack (Aug 10)
- Re: Re: Code Red: What security specialist don't mention in warnings(Frank Knobbe) R. DuFresne (Aug 08)
- Re: Re: Code Red: What security specialist don't mention in warnings(Frank Knobbe) Darren Reed (Aug 10)
- Re: Re: Code Red: What security specialist don't mention in warnings(Frank Knobbe) David Wagner (Aug 08)
- Re: Re: Code Red: What security specialist don't mention in warnings(Frank Knobbe) Predrag Zivic (Aug 08)
- Re: Re: Code Red: What security specialist don't mention in warnings(Frank Knobbe) David Wagner (Aug 10)
- Re: Re: Code Red: What security specialist don't mention in warnings(Frank Knobbe) Predrag Zivic (Aug 13)
- Re: Re: Code Red: What security specialist don't mention in warnings(Frank Knobbe) Jody C. Patilla (Aug 11)
- Re: Re: Code Red: What security specialist don't mention in warnings(Frank Knobbe) B. Scott Harroff (Aug 13)