Another anonymized posting. I need a real way to do this. Note: I don't write anonymized postings, I just resend them to the list and delete the originals.

[Dave Aitel <dave () immunitysec com>]

Anonymous Coward wrote:

> If you're killing bugs for fame (or because you used to be a hacker, 
and decided to do your part to ruin that wonderful experience for 
today's youth -


You don't think that with the wealth of information now available on 
finding and exploiting holes, it shouldn't be a little harder?  Or 
perhaps you're just pouting that all your good exploits are being made 
useless.

> If you're killing bugs as a legitimate effort to make something 
secure, you need to realize that unless you can stand behind your 
releases and say that "this software is now secure" you aren't doing 
anything.


There's nothing in-between?  There's no level of saf-er?  No MORE 
secure?  It should be 100% secure, otherwise we might as well leave the 
blackhats to have their fun?

No, killing off a bug that people were supposedly using to break into 
CVS repositories is reward enough.  Go find a new one and start over. 
It's not the good-old-days any more.  You'll have to work a little 
harder than that.  Remember: Blackhats find more holes before 9 AM than 
most whitehats do all day, so what's your complaint?

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave