Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Evilgrade 2.0 - the update explotation framework is back

From: Valdis.Kletnieks () vt edu
Date: Sun, 31 Oct 2010 10:40:01 -0400
On Sun, 31 Oct 2010 14:24:59 BST, Christian Sciberras said:


In my opinion, all in all, you're creating a yet another overly complex
system with as yet more possible flaws.
Don't forget tat each new line of code is a potential attack vector which
affects any system.


Amen to that.

A more subtle issue is the tradeoff issue:  Any time they have a code engineer
spending time building and feeding that code-signing infrastructure is time that
code engineer *isn't* spending writing actual new features the users *want*.

Which user-requested feature are you going to heave over the side in order to
do code-signing instead?  That question has to enter into the calculus as well.

Attachment: _bin
Description: 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: