[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20031113004604.GA8834@0dayspray.com>
Date: Wed, 12 Nov 2003 19:46:04 -0500
From: David Maynor <dave@...yspray.com>
To: Mikael Olsson <mikael.olsson@...vister.com>
Cc: dphull@...edu, martin f krafft <madduck@...duck.net>,
bugtraq@...urityfocus.com,
full-disclosure people <full-disclosure@...ts.netsys.com>
Subject: Re: Re: Funny article
On Wed, Nov 12, 2003 at 10:49:49PM +0100, Mikael Olsson wrote:
> Of course it should. You don't just "run an OS". Obviously, you
> want your machine to actually do something useful.
>
I disagree. If its a 3rd party app if should not count against the OS
unless every instance of the OS runs that app.
> Granted, you shouldn't count bugs in every single piece of
> linux/bsd software, the same way you shouldn't count bugs in
> every piece of windows software out there, but counting bugs in
> the most commonly used ones is most certainly reasonable.
>
What about apps that run on both windows and linux? When you start
counting 3rd party apps in the equation, you are throwing a horrible
slant into the mix. This is similar to getting a new 3rd party part for
your car then blaming the carmaker when that part fails. Microsoft needs
to include things like apache becasue the make both their OS and the
webserver, so a comaprsion of security flaws broken down by responsible
groups would make Microsoft look horrible.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists