| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 28 Jun 2004 08:41:40 -0400 From: "Justin Wheeler" <jwheeler@...ademons.com> To: Radoslav Dejanović <radoslav.dejanovic@...us.hr>, <bugtraq@...urityfocus.com> Subject: Re: Microsoft and Security On Friday 25 June 2004 20:53, http-equiv@...ite.com wrote: >> What's happening here. Where is the Microsoft representative >> explaining all of this to the shareholders and "customers" they >> so dearly wish to protect. This is unacceptable. Someone must >> be held accountable. > >Although I do agree on most of your words, I hardly find this list >appropriate for such rants. You're talking to people who already know >this, and do not forget that Microsoft doesn't play security game like >Open Source people do. It is two different worlds, really. While OS people >might just sit down, write a patch and publish it, MS people would have to >write patch, submit it to QA, see that it doesn't break something else, >see that it doesn't make the end-user experience less comfortable, and >only then release it to the public (takes time, doesn't it?). *snip* Perhaps that'd be a better argument, if there weren't countless patches from MS in the past that broke other things.. (http://www.securityfocus.com/archive/1/OF6CB1254D.22B27464-ON85256E89.004FB 436-85256E89.0050E58D@...a.com/2004-06-25/2004-07-01/0 for example). And I'd also be more likely to believe that if there weren't MS patches out there that fix one particular bug, but completely ignore other ones that are nearly IDENTICAL to it. Justin
Powered by blists - more mailing lists