| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 12 Jul 2006 10:19:54 +1000 (Australia/ACT) From: Darren Reed <avalon@...igula.anu.edu.au> To: beck@...h.cns.ualberta.ca (Bob Beck) Cc: bugtraq@...urityfocus.com Subject: Re: LAMP vs Microsoft In some mail from Bob Beck, sie said: > > > > And I think vulnerabilities disclosed are a much better indicator > > of the changes to QA/development of products than any hyperbole > > from those responsible (be it management or developers.) > > No, I think vulnerabilities disclosed is simply a measure of how much > development and deployment is happening on the platform. period. Well, if that is what you think, I disagree and I think you're wrong. And I'm sure the people behind openbsd would have a lot to say about that statement of yours, too. > > interesting for hackers to target and vulnerabilities to be found. > > > > What would concern me more here is if one platform was on the up > > whilst the other was on the down. > > This will always be the case as one platform changes in popularity > for deployments relative to another. There are a lot of holes in that statement you've made there, with many incorrect assumptions...where to start... How about if the relative popularity is approximately to stable? > The simple fact is most of the MS/PHP/JAVA web development will be > being done by code monkeys, fresh out of school.. You're confusing what I'm interested in (platform security) with the people who use the platform to develop on top of. If the foundations of what you're using are insecure, then the web developer has a harder task. Darren
Powered by blists - more mailing lists