Full Disclosure mailing list archives
Re: Web sites compromised by IIS attack
From: Frank Knobbe <frank () knobbe us>
Date: Wed, 30 Jun 2004 21:35:50 -0500
On Wed, 2004-06-30 at 21:08, Paul Schmehl wrote:
> I'm right there with you, Frank, on one condition. You hold *every* software vendor to the same standard. [...] If we're going to require that software vendors produce flawless products, we're not going to have many software products. Even Postfix, which *to my knowledge* has never had a security issue, has had numerous bug fixes. (And I think so highly of Postfix that the first thing I do when I install a new OS is replace sendmail with Postfix.)
Heya Paul,

well, there is a difference between *free* stuff you choose to pull from the Internet and run yourself. Community-driven projects should require that everyone running the product is doing their part to fix flaws (even if it just means reporting it to someone who can fix it). The difference is with products you *pay for*. If you *buy* a product you trade your money (perhaps chicken in other parts of the world) in the amount considered to equal the worth of the product. You should expect to receive a working product in return. My beef is that we started to accept broken products, and we assume the task of fixing broken products ourselves. That task should not fall on us but on the manufacturer.
> We need better methodologies for finding bugs in software.
Right. But we also need better methodologies for vendors to fix their products. The emphasis here is on "the vendor fixing the broken product". It should not be a burden on the consumer, but on the vendor. And yes, I'm not targeting Microsoft in particular, although they are the most blatant abusers of consumer rights. I intentionally included all manufacturers of commercial software products.

Cheers,
Frank