Full Disclosure mailing list archives

Re: Gates: 'You don't need perfect code' for good security


From: Darren Reed <avalon () caligula anu edu au>
Date: Mon, 3 Nov 2003 14:53:40 +1100 (Australia/ACT)

In some mail from Matthew Murphy, sie said:

> Even though MS, by the time you factor in the large number of components
> they ship, has had many times fewer patch releases than competing Linux
> distributions?
>
> 1. OpenSSH v. Remote Desktop / Terminal Services
> OpenSSH: Two vulnerabilities in recent weeks
> RD/Terminal Services: Zero vulnerabilities this year

But according to openbsd's web page, the "two vulnerabilities"
are not remotely exploitable (at least on their platform) so
what exactly are you counting here?

> 2. Sendmail v. Exchange
> As buggy as many people claim Exchange is, it has had two patches this
> year -- if you include OWA.  Even though it provides substantially larger
> amounts of functionality for some uses, it has still had fewer
> vulnerabilities than its main competitor, Sendmail.

sendmail dates back to a time when defensive programming wasn't
considered as important as it is today and as such is at a considerable
disadvantage in many ways to more modern mail software programs such as
Exchange or postfix or qmail when compared in this manner.

Darren

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

