lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <000501c76817$fd15f680$918112c6@MyBabies>
Date: Fri, 16 Mar 2007 22:10:59 -0000
From: "Mark Litchfield" <Mark@...software.com>
To: <bugtraq@...urityfocus.com>, <vulnwatch@...nwatch.org>,
	<full-disclosure@...ts.netsys.com>
Subject: Your Opinion +

A common comment being made is that a Vendor who creates and sells and OS, 
and then sells security applications to protect their OS is a conflict of 
interest.

Consider the Anti-Trust law suits filed against MS by AOL regarding IE and 
RealNetworks regarding Windows Media Player back in 2003, lets say for 
discussion, MS now turn around and offer up their 'Security Applications' 
for free.  You know exactly what is going to happen.

(I believe the main issue with AOL and Real Networks was that IE and WMP 
were bundled within the OS.)

I guess my point is, whilst I appreciate the common comment, what other 
options are available to an OS vendor.  Offer it up as a free download (not 
bundled within the OS) allowing the end user to make the decision, or to 
carry on charging for it ?

Another common theme has been, that the OS should be secure in the first 
place.  Again I agree with this, but as someone indicated developers 
schedules are being dictated by their marketing departments with shipment 
dates, so regardless of their intentions to code securely a vulnerability is 
likely slip through.

With regard to third party security solutions outside of the OS vendor, in 
reality how many new security issues does their software introduce to a 
fully patched OS.

Cheers

Mark


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ