Full Disclosure mailing list archives
Re: Re: Eudora 6.2 attachment spoof
From: Valdis.Kletnieks () vt edu
Date: Tue, 16 Nov 2004 14:03:43 -0500
On Mon, 29 Nov 2004 05:31:14 EST, KF_lists said:
Professional responses like that *reaaaaaaaaaaaaally* make me wanna go out and pay for Eudora.
OK. So make a difference. How much *more* are you willing to pay for Eudora to make security a higher priority? Yes, we security geeks all have a vested interest in whether Qualcomm fixes the security holes *totally* - the white hats want them fixed, the black hats don't. But we mustn't lose sight of the fact that at the end of the month, Qualcomm probably doesn't manage to pay a *single* programmer's salary out of the income they get from selling "highly secure" Eudora - but they probably manage to pay several programmers if they can advertise "Now with *better* spam filtering!!" As a result, spam filtering that impacts 95% of the user base gets more programmer time/eyeballs than fixing some truly convoluted corner case in the MIME handling that maybe gets used on 0.01% of the users, if that many. Remember - software-for-money is a *business*, and decisions about priorities will almost always be made based on the *business model*, not some moral imperative, because you pay your expenses with sales income, not moral imperatives.
Attachment:
_bin
Description:
Current thread:
- Eudora 6.2 attachment spoof Paul Szabo (Nov 13)
- Re: Eudora 6.2 attachment spoof Steve Dorner (Nov 15)
- Re: Re: Eudora 6.2 attachment spoof KF_lists (Nov 15)
- Re: Re: Eudora 6.2 attachment spoof Valdis . Kletnieks (Nov 17)
- Re: Re: Eudora 6.2 attachment spoof KF_lists (Nov 15)
- Re: Eudora 6.2 attachment spoof Steve Dorner (Nov 15)