Message-Id: <FA78FE4D-F302-48AE-A1FF-F0FDF7361D42@phocean.net>
Date: Sun, 21 Apr 2013 08:48:27 +0200
From: phocean <0x90@...cean.net>
To: "Valdis.Kletnieks@...edu" <Valdis.Kletnieks@...edu>
Cc: Full-Disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: VUPEN Security Research - Adobe Flash Player RTMP Data Processing Object Confusion (CVE-2013-2555)

Guys,

There will always be mistakes, thus we, security guys, will always have a job. That's life, that's human nature.
The best solution would be to rely as little as possible on humans, as with the use of "safe languages". But even then, there can be functional flaws.

Something you can't ask of all companies though: add more processes or hire more people, especially competent ones. Because there is a cost to all that. In some areas, it is even difficult to find a developer on the market, let alone a decent one, or, even more so, a security guy...

So in theory, I agree with you, but in practice, it is too idealistic: we have the folks we have and we need business (and small companies taking risks and making errors).

-----
phocean

On 21 Apr 2013, at 07:06, Valdis.Kletnieks@...edu wrote:

> On Sat, 20 Apr 2013 20:02:12 -0400, Bryan said:
>> The only point that I was trying to make is that there needs to be
>> more of an investment in the security facet of software development,
>> and that if a company is not willing to invest the resources to
>> create a secure product, not to whine when they get hacked.
> 
> Are they allowed to whine if they invest the resources, and still get hacked?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
