lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <28578.198.162.158.16.1120507519.squirrel@65.61.200.197>
Date: Mon Jul  4 21:06:33 2005
From: eric at arcticbears.com (Eric Paynter)
Subject: RE: Published exploit codes foo foo foo

On Thu, June 30, 2005 12:40 pm, J. Oquendo said:
> I wonder how
> many of these bigger boys' products that have had vulnerabilities
> discovered, I wonder how many of that coding came from outsourced vendors.
> Meaning... "Well we thought we would save money by having
> _INSERT_COUNTRY_HERE code for us." Would be interesting to see where the
> majority of sloppy coders, whose projects have been exploited, come from.

Like anybody fighting against prejudices, most offshore companies that
offer outsourced coding are fighting an uphill battle. Any mistake is seen
as proof of inadequacy. Therefore, the rule for the minority is perfection
for cheap, and any mistake is unacceptable.

Last I heard, Microsoft does 0% outsourcing of coding. All Microsoft code
is 100% USA Quality.

-Eric

--
arctic bears - email and dns services
http://www.arcticbears.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ