Message-ID: <200311030353.hA33res3008886@caligula.anu.edu.au>
From: avalon at caligula.anu.edu.au (Darren Reed)
Subject: Gates: 'You don't need perfect code' for good security
In some mail from Matthew Murphy, sie said:
>
> Even though MS, by the time you factor in the large number of components
> they ship, has had many times fewer patch releases than competing Linux
> distributions?
>
> 1. OpenSSH v. Remote Desktop / Terminal Services
> OpenSSH: Two vulnerabilities in recent weeks
> RD/Terminal Services: Zero vulnerabilities this year

But according to OpenBSD's web page, the "two vulnerabilities"
are not remotely exploitable (at least on their platform) so
what exactly are you counting here?

> 2. Sendmail v. Exchange
> As buggy as many people claim Exchange is, it has had two patches this
> year -- if you include OWA. Even though it provides substantially larger
> amounts of functionality for some uses, it has still had fewer
> vulnerabilities than its main competitor, Sendmail.

sendmail dates back to a time when defensive programming wasn't
considered as important as it is today and as such is at a considerable
disadvantage in many ways to more modern mail software programs such as
Exchange or postfix or qmail when compared in this manner.

Darren