Security Basics mailing list archives

RE: Microsoft Liability for vulnerabilities


From: "JAVIER OTERO" <jotero () SMARTEKH com>
Date: Wed, 23 Jul 2003 12:55:23 -0500

I come from old IBM machines (360, 370, 303x, 308x), working with old technology (from the 60s) in hardware and software; 
they fail maybe once a month, now this "old" technology fails once a year or less.
Why does the "new" technology fail so much?
Is it really for serious business? Or for toy business?
OK, computer technology is 50 years old. If we remember the airplanes of 50 years ago, like the DC3, the DC3 is MORE secure for 
flight than actual computer systems in general. Imagine if the DC3 crashed every 100 flights: would your parents fly? How 
many flights are there each day? If 1% crashed, MY GOD !!!!! How many demands .....

My 2 Mexican cents.

Ing. Fco. Javier Otero De Alba 
Grupo Smartekh 
Antivirus Expertos 
Business Continuity 
Inftegrity 
5243-4782 al 84 Ext.300
México, D.F. 



-----Original Message-----
From: ~Kevin Davis³ [mailto:kevin.davis () mindless com]
Sent: Tuesday, July 22, 2003 09:48 p.m.
To: security-basics () securityfocus com
Subject: Re: Microsoft Liability for vulnerabilities


I'm not making excuses for bad code.  However, I don't feel that comparing
software products to other consumer products is quite fair.  One thing to
keep in mind when comparing software with other products is that software
and software engineering is a very young field particularly when taken in
the context of selling products to the general public in any significant
measure.  The consumer car industry has been around for 100 years.  Software
standards and quality control standards are just now starting to take some
semblance of shape.  Add on top of that having to deal with an environment
(computer hardware) which changes so fast that in less than five years it is
obsolete and almost every component replaced with something different.  And
at the same time consumers demand ever increasing sophistication in their
software.  Everything becomes a moving target.

It is not really even fair, IMO, to compare it to state of the art consumer
electronics which often has less than desirable failure rates and product
lifespans.  Although there may be quite a few new components, a large
portion of the design and components are typically based upon many decades
and decades of proven design techniques.  What about plasma TVs?  They cost
as much as a car, and are supposedly susceptible to burn in and a lifespan
of about 1/4 of a normal TV.  It is not uncommon to spend $1000's of dollars
on a doctor only to have them accomplish nothing and assuming no malpractice
was committed, you have no recourse to recoup your money.  In fact the
doctor can operate on you, you can die, and not only is he exempt from being
sued, he still expects to get money for it.  Big money.  It mostly boils
down to understanding the product/service, its market, and the associated
risks.  There probably have been many fields that have had poor reliability
and quality control track records in the first decade or two they offered
products to the general public.

Another item to throw in the mix is that the demand for *secure* consumer
software is extremely new.  It really hasn't come to a head until the last
few years.  For the longest time people were screaming at Microsoft to make
a more *stable* Operating system (and rightly so) and security was much less
of a concern.

I do hope and expect that software will become better as the field matures.
It will not happen overnight, though.  It didn't with any field of any
complexity.



~Kevin Davis³

What possibly could go wrong?

