Date: Wed, 12 Nov 2003 19:46:04 -0500
From: David Maynor <>
To: Mikael Olsson <>
Cc:, martin f krafft <>,,
   full-disclosure people <>
Subject: Re: Re: Funny article

On Wed, Nov 12, 2003 at 10:49:49PM +0100, Mikael Olsson wrote:
> Of course it should.  You don't just "run an OS". Obviously, you
> want your machine to actually do something useful.
I disagree. If it's a 3rd party app it should not count against the OS
unless every instance of the OS runs that app.

> Granted, you shouldn't count bugs in every single piece of 
> linux/bsd software, the same way you shouldn't count bugs in
> every piece of windows software out there, but counting bugs in 
> the most commonly used ones is most certainly reasonable.
What about apps that run on both windows and linux? When you start
counting 3rd party apps in the equation, you are throwing a horrible
slant into the mix. This is similar to getting a new 3rd party part for
your car then blaming the carmaker when that part fails. Microsoft needs
to include things like apache because they make both their OS and the
webserver, so a comparison of security flaws broken down by responsible
groups would make Microsoft look horrible.

Full-Disclosure - We believe in it.
