Information Security News mailing list archives
Re: Microsoft upgrades IE flaw to critical after criticism
From: InfoSec News <isn () c4i org>
Date: Tue, 17 Dec 2002 05:22:52 -0600 (CST)
Forwarded from: Russell Coker <russell () coker com au> On Mon, 16 Dec 2002 12:17, InfoSec News wrote:
Forwarded from: Mark A. Simos <MSimos () POBox com> Cc: myemailaccount () fastmail fm The attacks on Microsoft's security are getting repetitious and counter-productive. There are plenty of flaws in many open source products that could be listed and lambasted on a list such as this.
The security problems in Open Source programs are not hidden or down-played. They are fixed as rapidly as possible. Also Open Source software is much easier to fix. "apt-get update ; apt-get dist-upgrade" is much easier than the process of applying fixes for MS operating systems.
IMHO, the attacks have worked and should be put aside until it is obvious they are needed again.
What do you mean by this? Are you referring to the fact that it is necessary to exploit security holes in commercial products to get the vendor to fix them?
The company shutdown production for 2 months and forced every developer to review every line of code.
For that to be true they would need to be very inefficient programmers or very efficient auditors. Auditing code for security holes and fixing them is very difficult work. I simply don't believe that they are capable of auditing all the code in that time. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page - ISN is currently hosted by Attrition.org To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY of the mail.
Current thread:
- Microsoft upgrades IE flaw to critical after criticism InfoSec News (Dec 10)
- <Possible follow-ups>
- Re: Microsoft upgrades IE flaw to critical after criticism InfoSec News (Dec 11)
- RE: Microsoft upgrades IE flaw to critical after criticism InfoSec News (Dec 13)
- Re: Microsoft upgrades IE flaw to critical after criticism InfoSec News (Dec 17)
- RE: Microsoft upgrades IE flaw to critical after criticism InfoSec News (Dec 17)
- RE: Microsoft upgrades IE flaw to critical after criticism InfoSec News (Dec 18)
- Re: Microsoft upgrades IE flaw to critical after criticism InfoSec News (Dec 20)