Dailydave mailing list archives

Re: Lame studies that people quote as fact that have no basis in reality and still don't prove anything even if they did


From: Gunnar Peterson <gunnar () arctecgroup net>
Date: Wed, 4 Feb 2004 19:34:46 -0600

I don't understand what is wrong with having security as a first principle in the design stage? Does anyone seriously believe that Win 98 is more secure than OpenBSD? Or that ActiveX is more secure than Java Applets? Or Sendmail than Postfix? All of these are examples where the latter case took security as a first principle and IMO achieved a more secure package. Obviously the arguments are nebulous on both sides, but as a matter of degree each of these cases seems to indicate that designing for security is a good way to spend your security dollar.

-gp

On Feb 4, 2004, at 7:44 PM, Chris Eagle wrote:

Matt wrote:
I also think they were referring more towards cases in which new
functionality needs to be added to existing code, or existing
functionality modified to some significant degree. Vulnerabilities
don't tend to fall into either of these categories.

Are you for real? How do you define vulnerability?


Neither of the above implies the software is broken while a vulnerability does. Software can a) get redesigned or b) have features added without c) discovering or repairing any vulnerabilities. Both a and b are probably more expensive than c.

Chris

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave

