| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 12 Nov 2003 19:46:04 -0500 From: David Maynor <dave@...yspray.com> To: Mikael Olsson <mikael.olsson@...vister.com> Cc: dphull@...edu, martin f krafft <madduck@...duck.net>, bugtraq@...urityfocus.com, full-disclosure people <full-disclosure@...ts.netsys.com> Subject: Re: Re: Funny article On Wed, Nov 12, 2003 at 10:49:49PM +0100, Mikael Olsson wrote: > Of course it should. You don't just "run an OS". Obviously, you > want your machine to actually do something useful. > I disagree. If its a 3rd party app if should not count against the OS unless every instance of the OS runs that app. > Granted, you shouldn't count bugs in every single piece of > linux/bsd software, the same way you shouldn't count bugs in > every piece of windows software out there, but counting bugs in > the most commonly used ones is most certainly reasonable. > What about apps that run on both windows and linux? When you start counting 3rd party apps in the equation, you are throwing a horrible slant into the mix. This is similar to getting a new 3rd party part for your car then blaming the carmaker when that part fails. Microsoft needs to include things like apache becasue the make both their OS and the webserver, so a comaprsion of security flaws broken down by responsible groups would make Microsoft look horrible. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists