lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <FCAD9F541A8E8A44881527A6792F892C2938CC@owa.eeye.com>
From: dcopley at eEye.com (Drew Copley)
Subject: (IE/SCOB) Switching Software Because of Bugs: Some Facts About Software and Security bugs

 

> -----Original Message-----
> From: Barry Fitzgerald [mailto:bkfsec@....lonestar.org] 
> Sent: Wednesday, June 30, 2004 3:07 PM
> To: Drew Copley
> Cc: full-disclosure@...ts.netsys.com
> Subject: Re: [Full-Disclosure] (IE/SCOB) Switching Software 
> Because of Bugs: Some Facts About Software and Security bugs
> 
> Drew Copley wrote:
> 
> >Conclusion: Mozilla may be better. I think there is some strong
> >chance of that. But only marginally. It has had bugs. It has a lot
> >of features, which means a lot of potential for security issues. They
> >have kept their browser more conservative then Microsoft has kept
> >Internet Explorer. Traditionally, Mozilla developers have been
> >far more "RFC compliant" - as the saying goes then Microsoft. 
> >
> >
> >
> >  
> >
> 
> Hello Drew,
> 
>        I'll start with my own disclaimer.  I have been a Free 
> Software 
> developer in the past and my bias is hereby established. 
> 
>        However, while I agree with the general point that any 
> piece of 
> software will have bugs and switching simply because a bug has been 
> found is a bad idea, to say that is not to say that all bugs 
> are equal.  
> (I know that that's not what you were saying, but I know that someone 
> will read into what was said that way.)  I'm sure that MS Calc has 
> bugs.  I know, though, that MS Calc's bugs are, most likely, 
> not going 
> to allow black hats to compromise systems and steal people's data. 

I covered this in the paper.

I realize it was really long, apologies for that.

Of course, there is a factor of "footprint" or "landscape".


<snip>


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ