lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <002201c43add$1f42a020$6700a8c0@northamerica.corp.microsoft.com>
From: shage at optonline.net (Shane C. Hage)
Subject: Support the Sasser-author fund started

Why should Microsoft have more blame?

In my opinion, I believe that software companies, especially Microsoft, have
taken all of the appropriate steps to provide security within their
products.

Imagine you own a home and installed a security system on all the doors and
windows.  You set the alarm and leave for a weekend.

A thief comes up to your house, breaks a window, and slides through the
opening.  The alarm does not go off because the thief found a vulnerability
in the security system.

Do you blame the security company that installed your intrusion detection
system?

Software companies like Microsoft spend a lot of money developing their
software.  In particular, Microsoft halted development on its products so
that all of its developers could receive training in 'secure coding'
techniques.  Above and beyond that, Microsoft and other software companies
undergo 3rd-party security testing of their software before it is released.

Plus, most of the software is released to the public in the form of Betas or
Release Candidates months ahead of the release date.  If identifying
security holes was that easy then why aren't there more vulnerabilities
reported before the 'gold' release of products.

I do expect that any computer user should have fundamental security training
before using it.  After all, the computer is a tool.  Nobody should operate
a microwave or chainsaw without reading the safety instructions.  The same
care should be taken for computers.

Thanks for taking the time to listen to my thoughts.

Sincerely,

-Shane


----- Original Message ----- 
From: "Georgi Guninski" <guninski@...inski.com>
To: "Tobias Weisserth" <tobias@...sserth.de>
Sent: Friday, May 14, 2004 6:00 PM
Subject: Re: [Full-Disclosure] Support the Sasser-author fund started


> On Fri, May 14, 2004 at 07:12:08PM +0200, Tobias Weisserth wrote:
> >
> > > My personal opinion is that more blame should be put on M$.
> >
> > The company is called Microsoft or MS in short. Why don't you use its
> > proper name?
> >
>
> are you sure it is MS and not M$ ????
>
> i was always taught it was M$.
>
> -- 
> When I answered where I wanted to go today, they just hung up -- Unknown
>
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ