Full Disclosure mailing list archives
Re: How to Report a Security VulnerabilitytoMicrosoft
From: Valdis.Kletnieks () vt edu
Date: Wed, 13 Apr 2005 00:44:42 -0400
On Tue, 12 Apr 2005 17:21:20 EDT, mcbain () aol com said:
I personally have only been effected once _severely_ after patch Tuesday.
You've been lucky, then.. ;)
But think about it, the testing scenarios that exist on planet earth can not possibly be even accounted for let alone tested in Redmond.
Insufficient testing for breaking end-user configurations is an entirely different issue. Your claim was that "they find the root of the problem", and that doing this adds time to get the patch out the door. My point is that if they in fact were doing that, we'd not see so many "It still works if you put a \ in front of the semicolon" type reports - an indication that the released patch is not in fact fixing the basic problem. (To be fair to Microsoft - sometimes the "basic problem" is a basic conceptual design flaw that can't be fixed in a clean compatible way, and you end up just papering over the known holes and pushing a "real" fix off to "the next release")
Attachment:
_bin
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: How to Report a Security VulnerabilitytoMicrosoft, (continued)
- Re: How to Report a Security VulnerabilitytoMicrosoft Dan Becker (Apr 11)
- Re: How to Report a Security VulnerabilitytoMicrosoft tuytumadre (Apr 11)
- Re: How to Report a Security VulnerabilitytoMicrosoft mcbain (Apr 11)
- Re: How to Report a Security VulnerabilitytoMicrosoft Bipin Gautam (Apr 12)
- Re: How to Report a Security VulnerabilitytoMicrosoft bkfsec (Apr 13)
- Re: How to Report a Security VulnerabilitytoMicrosoft Georgi Guninski (Apr 12)
- Re: How to Report a Security VulnerabilitytoMicrosoft mcbain (Apr 12)
- Re: How to Report a Security VulnerabilitytoMicrosoft Valdis . Kletnieks (Apr 12)
- Re: How to Report a Security VulnerabilitytoMicrosoft mcbain (Apr 12)
- Re: How to Report a Security VulnerabilitytoMicrosoft dk (Apr 12)
- Re: How to Report a Security VulnerabilitytoMicrosoft Valdis . Kletnieks (Apr 12)
- Re: How to Report a Security VulnerabilitytoMicrosoft mcbain (Apr 11)
- Re: How to Report a Security VulnerabilitytoMicrosoft Georgi Guninski (Apr 12)
- Re: How to Report a Security VulnerabilitytoMicrosoft mcbain (Apr 12)
- Re: How to Report a Security VulnerabilitytoMicrosoft dk (Apr 12)
- Re: How to Report a Security VulnerabilitytoMicrosoft bkfsec (Apr 13)
- Re: How to Report a Security Vulnerability to Microsoft Steve Friedl (Apr 13)
- Re: How to Report a Security Vulnerability to Microsoft Georgi Guninski (Apr 13)
- Re: How to Report a Security Vulnerability to Microsoft Steve Friedl (Apr 13)
- Re: How to Report a Security Vulnerability to Microsoft Danny (Apr 13)