lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: dufresne at (Ron DuFresne)
Subject: Re: Gates: 'You don't need perfect code' for
 good security


> It wasn't a general statement on MS security, though it was ambiguous enough.
> He mixed a lot of generalisms (layered security, Windows a target because it
> is more widely deployed) with a lot of non-sequitur specifics (Win2K3 hasn't
> seen a lot of exploits [duh! it isn't widely deployed!  See the last
> sentence!]

The "target due to large deployment" argument takes on less significance
when one considers that most every site has at least one 'router' and
cisco dominates that realm, yet, the targeting of successful cisco
exploits is certainly tons smaller then most the sploits that target
desktops.  And I use the term 'desktops' specifically, as most corps will
find their 'servers' seldom sploited like their desktop env's.  Even those
places that use alot of windows systems as 'servers'.


Ron DuFresne
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
	***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

Powered by blists - more mailing lists