Security Incidents mailing list archives
RE: Releasing patches is bad for security
From: "Dave Paris" <dparis () w3works com>
Date: Thu, 26 Feb 2004 14:59:21 -0500
Technically, this is a viable method for getting security flaws to go away. After all, nobody in their right mind would use the OS so it'll go away - and the flaws along with it. ... hey, whatever path to security works. ;-) Kind Regards (and good chuckles!), -dsp
-----Original Message----- From: Chris Brenton [mailto:cbrenton () chrisbrenton org] Sent: Thursday, February 26, 2004 1:31 PM To: incidents () securityfocus com Subject: Releasing patches is bad for security Greets all, This is just such a hoot I had to share: http://news.bbc.co.uk/1/hi/technology/3485972.stm The story quotes David Aucsmith, who is in charge of technology at Microsoft's security business and technology unit as stating: "We have never had vulnerabilities exploited before the patch was known," The story then goes on to talk about how vulnerabilities are always reverse engineered from patches. It really sounds to me like he's saying that patches are *the* problem and if only Microsoft would stop releasing patches, then all the security issues would just go away. Microsoft has already dropped down to a monthly patch system. Even then they have already been skipping months. Could this be early PR spin to justify not releasing security patches? C ------------------------------------------------------------------ --------- ------------------------------------------------------------------ ----------
--------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Releasing patches is bad for security Chris Brenton (Feb 26)
- RE: Releasing patches is bad for security Dave Paris (Feb 26)
- Re: Releasing patches is bad for security Clint Bodungen (Feb 26)
- RE: Releasing patches is bad for security Curt Purdy (Feb 26)
- Re: Releasing patches is bad for security Pall Thayer (Feb 26)
- Re: Releasing patches is bad for security mgotts (Feb 26)
- RE: Releasing patches is bad for security Ross M. W. Bennetts (Feb 26)
- RE: Releasing patches is bad for security Brian Taylor (Feb 29)
- RE: Releasing patches is bad for security Ross M. W. Bennetts (Feb 26)
- Re: Releasing patches is bad for security james (Feb 26)
- RE: Releasing patches is bad for security ELLIS, STEVEN (Feb 27)
- Re: Releasing patches is bad for security james (Feb 27)
- Re: Releasing patches is bad for security Meritt James (Feb 27)
- RE: Releasing patches is bad for security ELLIS, STEVEN (Feb 27)
(Thread continues...)