Message-ID: <1545939C88ED45959039099136C38255@MoFo>
Date: Tue, 20 Mar 2007 12:24:43 -0700
From: "Thor (Hammer of God)" <thor@...merofgod.com>
To: "Mark Litchfield" <Mark@...software.com>,
	<bugtraq@...urityfocus.com>
Subject: Re: Your Opinion +

It's no more of a conflict of interest than it is for Symantec to sell 
firewall products that protect Veritas backup software (which everyone knows 
has had multiple, serious security issues).

t


----- Original Message ----- 
From: "Mark Litchfield" <Mark@...software.com>
To: <bugtraq@...urityfocus.com>; <vulnwatch@...nwatch.org>; 
<full-disclosure@...ts.netsys.com>
Sent: Friday, March 16, 2007 3:10 PM
Subject: Your Opinion +


>A common comment being made is that a Vendor who creates and sells an OS, 
>and then sells security applications to protect their OS is a conflict of 
>interest.
>
> Consider the Anti-Trust lawsuits filed against MS by AOL regarding IE and 
> RealNetworks regarding Windows Media Player back in 2003, let's say for 
> discussion, MS now turn around and offer up their 'Security Applications' 
> for free.  You know exactly what is going to happen.
>
> (I believe the main issue with AOL and Real Networks was that IE and WMP 
> were bundled within the OS.)
>
> I guess my point is, whilst I appreciate the common comment, what other 
> options are available to an OS vendor?  Offer it up as a free download 
> (not bundled within the OS) allowing the end user to make the decision, or 
> to carry on charging for it?
>
> Another common theme has been, that the OS should be secure in the first 
> place.  Again I agree with this, but as someone indicated, developers' 
> schedules are being dictated by their marketing departments with shipment 
> dates, so regardless of their intentions to code securely a vulnerability 
> is likely to slip through.
>
> With regard to third party security solutions outside of the OS vendor, in 
> reality how many new security issues does their software introduce to a 
> fully patched OS?
>
> Cheers
>
> Mark
>
>
>
> 
