Firewall Wizards mailing list archives

Re: Re: Code Red: What security specialist don't mention in warnings(Frank Knobbe)

From: daw () mozart cs berkeley edu (David Wagner)
Date: 8 Aug 2001 19:58:52 GMT

Predrag Zivic  wrote:

You were quite right to what the solution should be.
Prevent is the key word. Not how to deal (although
that is the part of the issue and the process) but how
to prevent the problem from happening. 
As far as I am concerned, proper and fine grained
access control is a very good prevention solution.


Huh?  Access control has little to do with buggy code.  All the access
control mechanisms in the world don't help if your trusted code has a
buffer overrun vulnerability.  Access control and software assurance
are orthogonal.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards

Current thread:

Re: Re: Code Red: What security specialist don't mention in warnings(Frank Knobbe), (continued)
- - - Re: Re: Code Red: What security specialist don't mention in warnings(Frank Knobbe) Darren Reed (Aug 07)
    - Re: Re: Code Red: What security specialist don't mention in warnings(Frank Knobbe) Adam Shostack (Aug 07)
    - Re: Re: Code Red: What security specialist don't mention in warnings(Frank Knobbe) Darren Reed (Aug 07)
    - Re: Re: Code Red: What security specialist don't mention in warnings(Frank Knobbe) Predrag Zivic (Aug 10)
    - Re: Re: Code Red: What security specialist don't mention in warnings(Frank Knobbe) Adam Shostack (Aug 11)
    - Re: Re: Code Red: What security specialist don't mention in warnings(Frank Knobbe) Adam Shostack (Aug 10)
    - Re: Re: Code Red: What security specialist don't mention in warnings(Frank Knobbe) R. DuFresne (Aug 08)
    - Re: Re: Code Red: What security specialist don't mention in warnings(Frank Knobbe) Darren Reed (Aug 10)
    - Re: Re: Code Red: What security specialist don't mention in warnings(Frank Knobbe) David Wagner (Aug 08)
    - Re: Re: Code Red: What security specialist don't mention in warnings(Frank Knobbe) Predrag Zivic (Aug 08)
    - Re: Re: Code Red: What security specialist don't mention in warnings(Frank Knobbe) David Wagner (Aug 10)
    - Re: Re: Code Red: What security specialist don't mention in warnings(Frank Knobbe) Predrag Zivic (Aug 13)
  - Re: Re: Code Red: What security specialist don't mention in warnings(Frank Knobbe) daN. (Aug 10)
    - Re: Re: Code Red: What security specialist don't mention in warnings(Frank Knobbe) Jody C. Patilla (Aug 11)
- Re: Re: Code Red: What security specialist don't mention in warnings(Frank Knobbe) daN. (Aug 10)
  - Re: Re: Code Red: What security specialist don't mention in warnings(Frank Knobbe) B. Scott Harroff (Aug 13)
    - RE: Re: Code Red: What security specialist don't mention in warnings(Frank Knobbe) Tony (Aug 16)
    - Re: Re: Code Red: What security specialist don't mention in warnings(Frank Knobbe) daN. (Aug 16)