Bugtraq mailing list archives
Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?)
From: "Thor (Hammer of God)" <thor () hammerofgod com>
Date: Sat, 25 Nov 2006 12:24:51 -0800
On 11/25/06 9:53 AM, "Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbradcpa () pacbell net> opined:
However, one cannot merely jump from the fact that Mr. Litchfield is beyond reproach to make his mere opinions into facts. Expert witnesses are bound by the "Daubert test" these days (gotta love it when even the Wikipedia has a link http://en.wikipedia.org/wiki/Daubert_Standard)
<Snip>
In databases, probably the most common and public security event affecting the database security world, I would argue, was SQL slammer, an incident that had a patch available ahead of time.
And of course, the vulnerability SQLSlammer leveraged was discovered by David. It was his "mere opinion" that it was best to wait for Microsoft to release the patch before he published any details that saved countless installations from exploitation. It was his "mere opinion" regarding the propensity of worm activity that prompted immediate action on the part of administrators to patch their systems. And when he was too ill to attend the Singapore Blackhat conference, it was his "mere opinion" that the vulnerability was so critical, and so important to get patched, that he entrusted me with his personal materials so that I could give the lecture in his stead. He was, of course, precisely correct on all counts.
I've known Dave for years now... Stick by your "Daubert test," and be as pedantic as you wish regarding what constitutes "fact" and "opinion." But for me, when it comes to David Litchfield and computer security, they are the same thing. If people choose to discount Dave's contributions because they are "mere opinion" then it is MY opinion that they do so at great risk.
t