Dailydave mailing list archives

Re: [Full-disclosure] Linux's unofficial security-through-coverup policy


From: nnp <version5 () gmail com>
Date: Sat, 19 Jul 2008 12:00:43 +0100

On Fri, Jul 18, 2008 at 4:49 PM, Thomas Ptacek <tqbf () matasano com> wrote:
>> And Linus's point is that many of those regressions matter *more* than most
>> security bugs, because they can totally hose your system too - corrupt
>> filesystems, cause system hangs and lockups, poor performance, and who knows
>> what else.
>
> And this is where Linus lapses into crazy talk, because data
> corruption bugs are far less important than vulnerabilities that can
> compromise my mom's credit card numbers and bank accounts.

That's a fairly stupid thing to say and is the kind of black and white
point of view that gets security people branded as narrow-minded
'masturbating monkeys'. Use your imagination for a second and I'm sure
you'll be able to think of a number of situations where a security bug
is far less serious than one that results in data corruption.

> Bugs don't have adversaries. Vulnerabilities do.

Probably because security researchers haven't come up with a way to
make money off them yet.


> But I feel Linus' pain.
>
> --
> ---
> Thomas H. Ptacek // matasano security
> read us on the web: http://www.matasano.com/log
> _______________________________________________
> Dailydave mailing list
> Dailydave () lists immunitysec com
> http://lists.immunitysec.com/mailman/listinfo/dailydave




-- 
http://www.smashthestack.org
http://www.unprotectedhex.com