Secure Coding mailing list archives
darkreading: voting machines
From: weld at vulnwatch.org (Chris Wysopal)
Date: Thu, 12 Oct 2006 23:03:50 -0500 (EST)
On Mon, 9 Oct 2006, Gary McGraw wrote:
The most interesting thing from an sc-l perspective about this column is that it emphasizes a client need we're often forced to address---the need for a demo exploit. Sometimes those on the receiving end of a software security vulnerability don't believe that findings are real. An often-repeated excuse for doing nothing is "well, that's just a theoretical attack and it's too academic to matter." I can't tell you how many times I've heard that refrain.
In 1998 we put a slogan on the L0pht.com web page.

"That vulnerability is theoretical." -Microsoft
L0pht - making the theoretical practical since 1992.

Microsoft doesn't say that line any more. I guess a few worms can change your tune. It seems that you need to get bitten a few times before you automatically put on the bug spray before heading down to the swamp.

-Chris