Full Disclosure mailing list archives

Re: Two MSIE 6.0/7.0 NULL pointer crashes


From: Dan Kaminsky <dan () doxpara com>
Date: Wed, 20 Jan 2010 22:19:40 +0100

Microsoft response: Shrug, oh wait a minute does this vulnerability affect our bottom line?

OSS community response: We're on it, a fix will be available asap.

Testing takes time.  That's why both Microsoft and Mozilla test.  A
fix being *available* and a fix being *deployable* are not at all the
same things.  "Just pull the latest build from SVN" is rather
noticeably not an option.

"Any complicated and evolving piece of software will have security
vulnerabilities all the time." Quoted for truth.

More accurate:

"Any complicated piece of software on an active attack surface will
have software vulnerabilities found."

There's a lot of projects that stopped evolving, but still have hidden vulns.
