Re: Bug hunter finds another hole in Microsoft IE browser

[InfoSec News <isn () C4I ORG>]

Forwarded By: shikido <shikido () ihug com au>

Friday, October 06, 2000, 11:49:57 AM, you wrote:

> http://news.cnet.com/news/0-1005-200-2939733.html?tag=st.ne.1002.bgif.ni

> "That's not enough time," the Microsoft representative said. "Our
> biggest concern is that in a worst case scenario, it puts the
> customer at risk. The information is out there, and the bad guys
> can get their hands on it. In the best situation, it's
> unnecessarily spinning people up."

I think that quote should be rephrased to "That's not good enough".
How is it that a corporation with such resources and funds behind it,
is always one step behind dedicated people such as Guninski. Not only
does microsoft's response indicate it is not prepared to put it's
resources to work to fix the problem within the time specified, but it
also indicates how much it values the customer. Don't tell us about
problems with our product, we never intended it to be what we
advertise, so it's irrelevant.

Full praise to Guninski, we all know MS could ensure these problems
arise less frequently. It's just a matter of "should we test it ? or
just spend the rest of the timeline chucking in easter eggs ?".

This may sound like a rant, it is. If one man can put in the effort to
find these holes, a global company like microsoft can easily find the
expenditure to curb them.

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".