lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <5.0.0.25.2.20031023123431.059bec30@pop3.direcway.com>
From: madsaxon at direcway.com (madsaxon)
Subject: RE: Linux (in)security

At 09:57 AM 10/23/03 -0700, John Sage wrote:

>I simply cannot think of a more clear, distinct, and comprehensive
>indictment of Microsoft and its operating systems than the unrelenting
>torrent of patches that it issues to fix the defective products that
>its monopoly position in the marketplace has allowed it to foist upon
>the world.
>
>Sure, the UNIX'es and Linux'es of the world have some problems, but
>really now, nothing like Windows.
>
>And a patch, when issued, pretty much works as expected.

Don't get me wrong, I agree with almost all of what you're saying
about Microsoft's poor track record.  However, in the interest
of fairness I'd like to add that I've had to back out of a fair
number of patches to various Unices and Linux systems because the
patch broke something else, usually in a fairly complex enterprise
environment.

I think the reality is that patching comes in a poor second to
engineering secure code in the first place, and that is an area
in which virtually everyone in the industry desperately
needs improvement.

m5x

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ