Information Security News mailing list archives
RE: Code Red is Not The Problem
From: InfoSec News <isn () c4i org>
Date: Thu, 9 Aug 2001 06:40:06 -0500 (CDT)
Forwarded by: William T. Barrett <wtb () uhaul com>

Interesting thoughts. I thought I would just comment on some of the more salient points. I tried to use humor to point out the absurdities, but it probably just comes across as being an asshole.
> How about making providing software, with security bugs, for commercial use a felony or something that no disclaimer can waive responsibility for? Maybe it should be a felony to release any software package with any known bugs, or in doing so a software manufacturer voids any claim to hiding behind a disclaimer.

<sarcasm> Oh, great idea. And we know what a great job those people in Washington do writing laws for the computer industry. I mean, with the widespread success of the DMCA and the so-called Child Online Protection Act and of course the 1996 Communications Decency Act. </sarcasm>

> What about going a step further and including deploying software with security bugs as a felony, that way making system admins take more care in the software they install.

Were you dropped on your head as a child? It's stressful enough to do this job without the threat of going to jail for forgetting to install a patch. Of course there wouldn't be a patch to put on, because that would mean that a flaw exists in the first place and therefore you are admitting guilt to the first one.

> I don't care if the cost of software increases ten fold or it takes five times as long to get it out the door, our current industry wide practices are simply not good enough. It is time that was fixed.

Well, bully for you. Personally I have a hard enough time squeezing pennies out for the stuff we use now. While you apparently have an unlimited budget to work with, in the real world most companies can't afford that.

> How much would it cost Microsoft to do extensive testing of Windows XP, prior to launch, searching for buffer overflows (for example) in every DLL routine, etc, vs how much it will cost the world to clean up later as the bugs get reported?

Oh yes, the "billions" of dollars these incidents cost. You know, I would like to see somebody be able to explain exactly how they come up with these numbers. I'm pretty sure it includes the terms "pulling" and "ass".

> Look at all the i's which need dotting and t's which need crossing if you want to make a vehicle to drive on the roads, never mind sell to others.

I have yet to hear of anyone getting killed in a computer crash. (He was surfing under the influence and formatted a family of six!! Right.)

> Why do we accept a complete lack of such standards in the software industry?

Probably because it is virtually impossible to check billions of lines of complex code and find every single possible error. But that's just my opinion.

> Unfortunately to get anything along these lines requires lobbying politicians to get them to understand and write the correct bill.

goto <sarcasm>

-WTB

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY of the mail.