Full Disclosure mailing list archives

Re: VUPEN Security Research - Adobe Flash Player RTMP Data Processing Object Confusion (CVE-2013-2555)


From: phocean <0x90 () phocean net>
Date: Sun, 21 Apr 2013 08:48:27 +0200

Guys,

There will always be mistakes, thus we, security guys, will always have a job. That's life, that's human nature.
The best solution would be to rely as little as possible on humans, as with the use of "safe languages". But yet, there 
can be functional flaws.

Something you can't ask of all companies though: add more processes or hire more people, especially competent ones. 
Because there is a cost on all that. In some areas, it is even difficult to find a developer on the market, so a 
decent one or more, a security guy...

So in theory, I agree with you, but in practice, it is too idealistic: we have the folks we have and we need business 
(and small companies taking risks and making errors).

-----
phocean

On 21 Apr 2013, at 07:06, Valdis.Kletnieks () vt edu wrote:

> On Sat, 20 Apr 2013 20:02:12 -0400, Bryan said:
> > The only point that I was trying to make is that there needs to be
> > more of an investment in the security facet of software development,
> > and that if a company is not willing to invest the resources to
> > create a secure product, not to whine when they get hacked.
>
> Are they allowed to whine if they invest the resources, and still get hacked?
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
