Security Incidents mailing list archives

RE: Releasing patches is bad for security


From: "Dave Paris" <dparis () w3works com>
Date: Thu, 26 Feb 2004 14:59:21 -0500

Technically, this is a viable method for getting security flaws to go away.
After all, nobody in their right mind would use the OS so it'll go away -
and the flaws along with it.

... hey, whatever path to security works. ;-)

Kind Regards (and good chuckles!),
-dsp

-----Original Message-----
From: Chris Brenton [mailto:cbrenton () chrisbrenton org]
Sent: Thursday, February 26, 2004 1:31 PM
To: incidents () securityfocus com
Subject: Releasing patches is bad for security


Greets all,

This is just such a hoot I had to share:
http://news.bbc.co.uk/1/hi/technology/3485972.stm

The story quotes David Aucsmith, who is in charge of technology at
Microsoft's security business and technology unit, as stating:

"We have never had vulnerabilities exploited before the patch was
known,"

The story then goes on to talk about how vulnerabilities are always
reverse engineered from patches. It really sounds to me like he's saying
that patches are *the* problem and if only Microsoft would stop
releasing patches, then all the security issues would just go away.

Microsoft has already dropped down to a monthly patch system. Even then
they have already been skipping months. Could this be early PR spin to
justify not releasing security patches?

C


