Re: [Dailydave] Lame studies that people quote as fact that have no basis in reality and still don't prove anything even if they did

From: Gunnar Peterson (gunnararctecgroup.net)
Date: Wed Feb 04 2004 - 19:34:46 CST


I don't understand what is wrong with having security as a first
principle in the design stage? Does anyone seriously believe that Win
98 is more secure than OpenBSD? Or that ActiveX is more secure than
Java Applets? Or Sendmail than Postfix? All of these are examples where
the latter case took security as a first principle and, IMO, achieved
a more secure package. Obviously the arguments are nebulous on both
sides, but as a matter of degree each of these cases seems to indicate
that designing for security is a good way to spend your security
dollar.

-gp

On Feb 4, 2004, at 7:44 PM, Chris Eagle wrote:

> Matt wrote:
>>> I also think they were referring more towards cases in which new
>>> functionality needs to be added to existing code, or existing
>>> functionality modified to some significant degree. Vulnerabilities
>>> don't tend to fall into either of these categories.
>>
>> Are you for real? How do you define vulnerability?
>>
>
> Neither of the above imply the software is broken while a vulnerability
> does. Software can a) get redesigned or b) have features added without
> c) discovering or repairing any vulnerabilities. Both a and b are
> probably more expensive than c.
>
> Chris