lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 5 Jul 2004 13:58:28 -0400
From: "Justin Wheeler" <jwheeler@...ademons.com>
To: "Alun Jones" <alun@...is.com>, <bugtraq@...urityfocus.com>
Subject: Re: Microsoft and Security


The simple argument I was making was that if MS' "testing process" is what
keeps patches from coming out in a timely manner, perhaps they should
actually be of decent quality.  When you're getting patches that are both
slow to release, as well as adversely affecting the systems they're being
installed on, MS has met neither of their agends.

Justin

----- Original Message ----- 
From: "Alun Jones" <alun@...is.com>
To: "'Justin Wheeler'" <jwheeler@...ademons.com>; "'Radoslav Dejanovic'"
<radoslav.dejanovic@...us.hr>; <bugtraq@...urityfocus.com>
Sent: Sunday, July 04, 2004 5:06 PM
Subject: RE: Microsoft and Security


> Justin Wheeler <mailto:jwheeler@...ademons.com> wrote on Monday, June
> 28, 2004 5:42 AM:
> > Perhaps that'd be a better argument, if there weren't
> > countless patches
> > from MS in the past that broke other things..
>
> ... okay, so you're arguing that even more QA and more testing should be
> done... but in far less time.
>
> > And I'd also be more likely to believe that if there weren't
> > MS patches out
> > there that fix one particular bug, but completely ignore
> > other ones that are
> > nearly IDENTICAL to it.
>
> ... and while you're at it, you'd like us to spend even more time
searching
> for ways to expand our search for the bug's potential impact, rather than
> releasing a smaller fix, with minimal impact, as soon as possible.
>
> I can't even remotely call myself a Microsoft spokesman - but I am trying
to
> figure out exactly what you're looking for.  Perhaps it's just a platform
to
> vent at Microsoft - fine, vent away.  If you have any suggestions for
> improving the process, perhaps you should try and express those
suggestions
> in a coherent manner that could be used, rather than choosing several
> contradictory stances and insisting that Microsoft satisfy them all.
>
> Alun.
> ~~~~
>
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ