lists.openwall.net
Open Source and information security mailing list archives
 
From: avalon at caligula.anu.edu.au (Darren Reed)
Subject: Gates: 'You don't need perfect code' for good security

In some mail from Matthew Murphy, sie said:
> 
> Even though MS, by the time you factor in the large number of components
> they ship, has had many times fewer patch releases than competing Linux
> distributions?
> 
> 1. OpenSSH v. Remote Desktop / Terminal Services
> OpenSSH: Two vulnerabilities in recent weeks
> RD/Terminal Services: Zero vulnerabilities this year

But according to OpenBSD's web page, the "two vulnerabilities"
are not remotely exploitable (at least on their platform) so
what exactly are you counting here?

> 2. Sendmail v. Exchange
> As buggy as many people claim Exchange is, it has had two patches this
> year -- if you include OWA.  Even though it provides substantially larger
> amounts of functionality for some uses, it has still had fewer
> vulnerabilities than its main competitor, Sendmail.

sendmail dates back to a time when defensive programming wasn't
considered as important as it is today and as such is at a considerable
disadvantage in many ways to more modern mail software programs such as
Exchange or postfix or qmail when compared in this manner.

Darren

