Security Incidents mailing list archives
Re: Releasing patches is bad for security
From: "Clint Bodungen" <clint () secureconsulting com>
Date: Thu, 26 Feb 2004 13:47:28 -0600
Chris Brenton wrote Thursday, February 26, 2004 12:31 PM:
This is just such a hoot I had to share: http://news.bbc.co.uk/1/hi/technology/3485972.stm The story quotes David Aucsmith, who is in charge of technology at Microsoft's security business and technology unit as stating: "We have never had vulnerabilities exploited before the patch was known," The story then goes on to talk about how vulnerabilities are always reverse engineered from patches. It really sounds to me like he's saying that patches are *the* problem and if only Microsoft would stop releasing patches, then all the security issues would just go away.
It seems the author just didn't express what he was trying to say very well. I think what he was trying to say was disclosure of the patch / patch details was the culprit... not the actual release of the patch. But yes, there is still some blatant ignorance in that article. --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Releasing patches is bad for security Chris Brenton (Feb 26)
- RE: Releasing patches is bad for security Dave Paris (Feb 26)
- Re: Releasing patches is bad for security Clint Bodungen (Feb 26)
- RE: Releasing patches is bad for security Curt Purdy (Feb 26)
- Re: Releasing patches is bad for security Pall Thayer (Feb 26)
- Re: Releasing patches is bad for security mgotts (Feb 26)
- RE: Releasing patches is bad for security Ross M. W. Bennetts (Feb 26)
- RE: Releasing patches is bad for security Brian Taylor (Feb 29)
- RE: Releasing patches is bad for security Ross M. W. Bennetts (Feb 26)
- Re: Releasing patches is bad for security james (Feb 26)
- RE: Releasing patches is bad for security ELLIS, STEVEN (Feb 27)
- Re: Releasing patches is bad for security james (Feb 27)
- Re: Releasing patches is bad for security Meritt James (Feb 27)
- RE: Releasing patches is bad for security ELLIS, STEVEN (Feb 27)
- <Possible follow-ups>
- RE: Releasing patches is bad for security Gary Nichols (Feb 26)
(Thread continues...)