lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <605f8e051001211914q77786c73rf66020099bd7eeec@mail.gmail.com>
Date: Thu, 21 Jan 2010 22:14:20 -0500
From: Jeffrey Walton <noloader@...il.com>
To: Christian Sciberras <uuf6429@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Two MSIE 6.0/7.0 NULL pointer crashes

On Thu, Jan 21, 2010 at 11:22 AM, Christian Sciberras <uuf6429@...il.com> wrote:
> People are unreasonable, first they complain about
> lack of quick patches/fixes. Next they complain about
> fixes crashing their system.
You're right - Corporate America needs to find more folks willing to
accept unpatched software that crashes their system. Its hard to
justify big bonuses when a company is run into the ground (wait - no
its not. Disregard.)

> On Thu, Jan 21, 2010 at 5:12 PM, Dan Kaminsky <dan@...para.com> wrote:
>>
>> On Thu, Jan 21, 2010 at 1:53 AM, Michal Zalewski <lcamtuf@...edump.cx>
>> wrote:
>> >> Testing takes time.  That's why both Microsoft and Mozilla test.
>> >
>> > Testing almost never legitimately takes months or years, unless the
>> > process is severely broken; contrary to the popular claims,
>> > personally, I have serious doubts that QA is a major bottleneck when
>> > it comes to security response - certainly not as often as portrayed.
>>
>> There are a lot of factors that go into how long it takes to run QA.
>> Here's a few (I'll leave out the joys of multivendor for now):
>>
>> [SNIP]

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ