nanog mailing list archives
Re: off-topic rant Re: product liability (was: Virus Update)
From: Valdis.Kletnieks () vt edu
Date: Tue, 09 May 2000 22:12:25 -0400
On Tue, 09 May 2000 19:16:52 EDT, brad reynolds <brad () cow org> said:
microsoft doesn't hold a gun to anyone's head, microsoft seems to provide patches for their software when bugs are found.
The problem is not that they provide or don't provide patches when a bug is found. The problem is that although the MIME working group *SAW* the danger of executable attachments in 1991, a decade later, we still have software that ignores the specific recommendations the original MIME spec made (namely, the default setting is to allow execution). The biggest problem is that although it can be a pain in some assorted body parts to fix a bug in the implementation of a secure design, the pain of trying to patch a broken design is worse - that's just simple Software Design 101. The earlier in the design cycle a problem is found, the easier it is to fix. Case in point: How many Java security bugs have there been? And how many JavaScript security bugs? Which package was designed from the ground up to be secure and sand-box-able? In today's Internet, there is no excuse for trying to substitute patch-upon-patch as a valid security model instead of starting from a known secure design. No Excuse. None. Zip. And for the record, a federal court judge has ruled that Microsoft *did* in fact hold a gun to somebody's head. That's what the entire anti-trust suit was about.... We now return you to your regularly scheduled backhoe or misconfigured router incident.... Valdis Kletnieks Operating Systems Analyst Virginia Tech
Current thread:
- Re: Virus Update, (continued)
- Re: Virus Update Greg A. Woods (May 04)
- Re: Virus Update Dean Robb (May 08)
- product liability (was: Virus Update) William Allen Simpson (May 09)
- Re: product liability (was: Virus Update) Jim Mercer (May 09)
- Re: product liability (was: Virus Update) William Allen Simpson (May 09)
- Re: product liability (was: Virus Update) Jim Mercer (May 09)
- Re: product liability (was: Virus Update) Greg A. Woods (May 09)
- off-topic rant Re: product liability (was: Virus Update) brad reynolds (May 09)
- Re: off-topic rant Re: product liability (was: Virus Update) Bruce Campbell (May 09)
- Re: off-topic rant Re: product liability (was: Virus Update) Steve Sobol (May 09)
- Re: off-topic rant Re: product liability (was: Virus Update) Valdis . Kletnieks (May 09)