lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <200607120019.k6C0Jsgn013825@caligula.anu.edu.au>
Date: Wed, 12 Jul 2006 10:19:54 +1000 (Australia/ACT)
From: Darren Reed <avalon@...igula.anu.edu.au>
To: beck@...h.cns.ualberta.ca (Bob Beck)
Cc: bugtraq@...urityfocus.com
Subject: Re: LAMP vs Microsoft

In some mail from Bob Beck, sie said:
> 
> 
> > And I think vulnerabilities disclosed are a much better indicator
> > of the changes to QA/development of products than any hyperbole
> > from those responsible (be it management or developers.)
> 
> 	No, I think vulnerabilities disclosed is simply a measure of how much
> development and deployment is happening on the platform. period. 

Well, if that is what you think, I disagree and I think you're wrong.

And I'm sure the people behind openbsd would have a lot to say about
that statement of yours, too.

> > interesting for hackers to target and vulnerabilities to be found.
> > 
> > What would concern me more here is if one platform was on the up
> > whilst the other was on the down.
> 
> 	This will always be the case as one platform changes in popularity
> for deployments relative to another. 

There are a lot of holes in that statement you've made there,
with many incorrect assumptions...where to start...
How about if the relative popularity is approximately to stable?

> 	The simple fact is most of the MS/PHP/JAVA web development will be
> being done by code monkeys, fresh out of school..

You're confusing what I'm interested in (platform security) with
the people who use the platform to develop on top of.  If the
foundations of what you're using are insecure, then the web
developer has a harder task.

Darren

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ