Full Disclosure mailing list archives
Re: Re: Gates: 'You don't need perfect code' for good security
From: Ron DuFresne <dufresne () winternet com>
Date: Mon, 3 Nov 2003 12:01:00 -0600 (CST)
[SNIP]
It wasn't a general statement on MS security, though it was ambiguous enough. He mixed a lot of generalisms (layered security, Windows a target because it is more widely deployed) with a lot of non-sequitur specifics (Win2K3 hasn't seen a lot of exploits [duh! it isn't widely deployed! See the last sentence!]
The "target due to large deployment" argument takes on less significance
when one considers that most every site has at least one 'router' and
cisco dominates that realm, yet, the targeting of successful cisco
exploits is certainly tons smaller then most the sploits that target
desktops. And I use the term 'desktops' specifically, as most corps will
find their 'servers' seldom sploited like their desktop env's. Even those
places that use alot of windows systems as 'servers'.
Thanks,
Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Gates: 'You don't need perfect code' for good security, (continued)
- Re: Gates: 'You don't need perfect code' for good security Valdis . Kletnieks (Nov 03)
- Re: Re: Gates: 'You don't need perfect code' for good security Geoincidents (Oct 31)
- Re: Re: Gates: 'You don't need perfect code' for good security Gary E. Miller (Oct 31)
- Re: Re: Gates: 'You don't need perfect code' for good security Geoincidents (Oct 31)
- Re: Re: Gates: 'You don't need perfect code' for good security Gary E. Miller (Oct 31)
- Re: Re: Gates: 'You don't need perfect code' for good security Geoincidents (Oct 31)
- Re: Re: Gates: 'You don't need perfect code' for good security Cesar (Oct 31)
- Re: Gates: 'You don't need perfect code' for good security Charles E. Hill (Oct 31)
- Re: Re: Gates: 'You don't need perfect code' for good security Paul Schmehl (Nov 01)
- Re: Re: Gates: 'You don't need perfect code' for good security Michael Gale (Nov 02)
- Re: Re: Gates: 'You don't need perfect code' for good security Ron DuFresne (Nov 03)
- Re: Re: Gates: 'You don't need perfect code' for good security Gary E. Miller (Oct 31)
- Re: Re: Gates: 'You don't need perfect code' for good security Gary E. Miller (Nov 01)
- Re: Re: Gates: 'You don't need perfect code' for good security Paul Schmehl (Oct 31)
- Re: Re: Gates: 'You don't need perfect code' for good security Ron DuFresne (Nov 03)
- Re: Re: Gates: 'You don't need perfect code' for good security Gary E. Miller (Nov 03)
- Re: Gates: 'You don't need perfect code' for good security Cael Abal (Nov 03)
- Re: Re: Gates: 'You don't need perfect code' for good security Ron DuFresne (Nov 03)
- Re: Re: Gates: 'You don't need perfect code' for good security Gary E. Miller (Nov 03)