Full Disclosure mailing list archives
Re: Gates: 'You don't need perfect code' for good security
From: Darren Reed <avalon () caligula anu edu au>
Date: Mon, 3 Nov 2003 14:53:40 +1100 (Australia/ACT)
In some mail from Matthew Murphy, sie said:
Even though MS, by the time you factor in the large number of components they ship, has had many times fewer patch releases than competing Linux distributions? 1. OpenSSH v. Remote Desktop / Terminal Services OpenSSH: Two vulnerabilities in recent weeks RD/Terminal Services: Zero vulnerabilities this year
But according to openbsd's web page, the "two vulnerabilities" are not remotely exploitable (at least on their platform) so what exactly are you counting here?
2. Sendmail v. Exchange As buggy as many people claim Exchange is, it has had two patches this year -- if you include OWA. Even though it provides substantially larger amounts of functionality for some uses, it has still had fewer vulnerabilities than its main competitor, Sendmail.
sendmail dates back to a time when defensive programming wasn't considered as important as it is today and as such is at a considerable disadvantage in many ways to more modern mail software programs such as Exchange or postfix or qmail when compared in this manner. Darren _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Gates: 'You don't need perfect code' for good security, (continued)
- Re: Gates: 'You don't need perfect code' for good security George Capehart (Nov 03)
- Re: Gates: 'You don't need perfect code' for good security Geoincidents (Nov 04)
- Re: Gates: 'You don't need perfect code' for good security Valdis . Kletnieks (Nov 04)
- Re: Gates: 'You don't need perfect code' for good security Dave Howe (Nov 04)
- Re: Gates: 'You don't need perfect code' for good security George Capehart (Nov 04)
- Re: Gates: 'You don't need perfect code' for good security Nick FitzGerald (Nov 02)
- Re: Gates: 'You don't need perfect code' for good security Valdis . Kletnieks (Nov 02)
- Re: Gates: 'You don't need perfect code' for good security Frank Knobbe (Nov 02)
- Re: Gates: 'You don't need perfect code' forgood security Lan Guy (Nov 03)
- Re: Gates: 'You don't need perfect code' for good security Nick FitzGerald (Nov 02)
- Re: Gates: 'You don't need perfect code' for good security Darren Reed (Nov 02)
- Re: Gates: 'You don't need perfect code' for good security Cedric Blancher (Nov 02)
- Re: Gates: 'You don't need perfect code' for good security Valdis . Kletnieks (Nov 03)
- Re: Re: Gates: 'You don't need perfect code' for good security Gary E. Miller (Oct 31)
- Re: Re: Gates: 'You don't need perfect code' for good security Geoincidents (Oct 31)
- Re: Re: Gates: 'You don't need perfect code' for good security Gary E. Miller (Oct 31)
- Re: Re: Gates: 'You don't need perfect code' for good security Geoincidents (Oct 31)
- Re: Re: Gates: 'You don't need perfect code' for good security Cesar (Oct 31)
- Re: Gates: 'You don't need perfect code' for good security Charles E. Hill (Oct 31)