| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 21 Jan 2010 22:14:20 -0500 From: Jeffrey Walton <noloader@...il.com> To: Christian Sciberras <uuf6429@...il.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: Two MSIE 6.0/7.0 NULL pointer crashes On Thu, Jan 21, 2010 at 11:22 AM, Christian Sciberras <uuf6429@...il.com> wrote: > People are unreasonable, first they complain about > lack of quick patches/fixes. Next they complain about > fixes crashing their system. You're right - Corporate America needs to find more folks willing to accept unpatched software that crashes their system. Its hard to justify big bonuses when a company is run into the ground (wait - no its not. Disregard.) > On Thu, Jan 21, 2010 at 5:12 PM, Dan Kaminsky <dan@...para.com> wrote: >> >> On Thu, Jan 21, 2010 at 1:53 AM, Michal Zalewski <lcamtuf@...edump.cx> >> wrote: >> >> Testing takes time. That's why both Microsoft and Mozilla test. >> > >> > Testing almost never legitimately takes months or years, unless the >> > process is severely broken; contrary to the popular claims, >> > personally, I have serious doubts that QA is a major bottleneck when >> > it comes to security response - certainly not as often as portrayed. >> >> There are a lot of factors that go into how long it takes to run QA. >> Here's a few (I'll leave out the joys of multivendor for now): >> >> [SNIP] _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists