Firewall Wizards mailing list archives
Re: Re: Extreme Hacking
From: "MI DC" <midc () canoemail com>
Date: Sat, 10 Jul 1999 01:28:29 -0800
crowland () psionic com wrote:
From outside appearances it would seem that the time period for this particular exploit was too short. Consider that MS must: 1) Diagnose and isolate the problem. 2) Develop a cross-platform fix.
Cross-platform? iis runs on nt only.
3) Regression test the fix across all platforms and loads.
Microsoft claims to not regression test hotfixes. And even if they did, "across all platforms" in this case is the one platform on which iis runs.
4) Package the patch and test across all platforms and loads.
Again, testing is required for only the one platform on which iis runs.
5) Repeat steps 3 and 4 in the respective QA lab.
Not to be repetitive, but you were, so, repeat 3 and 4 for the one platform on which iis runs.
6) Distribute the patch and send warning. Not being privy to MS development cycle myself, I can only speculate. I would suspect that the above is a fair assessment however. Don't forget the fact that they have over one million servers out there. It's not a matter of hacking in a fix and sending it out. If it breaks customers they are going to be plenty upset, it's basically a lose-lose situation.
And apache runs on (checking netcraft survey) 3713470 known sites on *multiple* *platforms*, not just on multiple variants of unix or multiple types of hardware (in case you are counting nt on intel and nt on alpha as "all platforms"). That's 2.5 times the number of iis servers, which run on nt only. The Apache Group still gets cross-platform security fixes out same day. (Not intending to start a debate on cathedrals and bazaars.) midc ___________________________________________________________________ Sign up today for your Free E-mail at http://www.canoe.ca/CanoeMail
Current thread:
- RE: Extreme Hacking, (continued)
- Message not available
- RE: Extreme Hacking Jody C. Patilla (Jul 12)
- RE: Extreme Hacking Frank W. Keeney (Jul 07)
- RE: Extreme Hacking char sample (Jul 12)
- RE: Extreme Hacking mht (Jul 12)
- RE: Extreme Hacking char sample (Jul 12)
- Re: Extreme Hacking Matt McClung (Jul 07)
- RE: Extreme Hacking LeGrow, Matt (Jul 09)
- RE: Extreme Hacking sean . kelly (Jul 09)
- Re: Extreme Hacking Chris St.Clair (Jul 12)
- RE: Extreme Hacking sean . kelly (Jul 12)
- Re: Extreme Hacking Alan Lustiger (Jul 12)
- Re: Re: Extreme Hacking MI DC (Jul 12)
- Re: Re: Extreme Hacking MI DC (Jul 12)
- Re: Extreme Hacking Dwcpride (Jul 12)
- Extreme Hacking Budke (Jul 12)