[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <200607120019.k6C0Jsgn013825@caligula.anu.edu.au>
Date: Wed, 12 Jul 2006 10:19:54 +1000 (Australia/ACT)
From: Darren Reed <avalon@...igula.anu.edu.au>
To: beck@...h.cns.ualberta.ca (Bob Beck)
Cc: bugtraq@...urityfocus.com
Subject: Re: LAMP vs Microsoft
In some mail from Bob Beck, sie said:
>
>
> > And I think vulnerabilities disclosed are a much better indicator
> > of the changes to QA/development of products than any hyperbole
> > from those responsible (be it management or developers.)
>
> No, I think vulnerabilities disclosed is simply a measure of how much
> development and deployment is happening on the platform. period.
Well, if that is what you think, I disagree and I think you're wrong.
And I'm sure the people behind openbsd would have a lot to say about
that statement of yours, too.
> > interesting for hackers to target and vulnerabilities to be found.
> >
> > What would concern me more here is if one platform was on the up
> > whilst the other was on the down.
>
> This will always be the case as one platform changes in popularity
> for deployments relative to another.
There are a lot of holes in that statement you've made there,
with many incorrect assumptions...where to start...
How about if the relative popularity is approximately to stable?
> The simple fact is most of the MS/PHP/JAVA web development will be
> being done by code monkeys, fresh out of school..
You're confusing what I'm interested in (platform security) with
the people who use the platform to develop on top of. If the
foundations of what you're using are insecure, then the web
developer has a harder task.
Darren
Powered by blists - more mailing lists