Re: [Dailydave] [Full-disclosure] Linux's unofficial security-through-coverup policy

From: nnp (version5gmail.com)
Date: Sat Jul 19 2008 - 06:00:43 CDT


On Fri, Jul 18, 2008 at 4:49 PM, Thomas Ptacek <tqbfmatasano.com> wrote:
>> And Linus's point is that many of those regressions matter *more* than most
>> security bugs, because they can totally hose your system too - corrupt
>> filesystems, cause system hangs and lockups, poor performance, and who knows
>> what else.
>
> And this is where Linus lapses into crazy talk, because data
> corruption bugs are far less important than vulnerabilities that can
> compromise my mom's credit card numbers and bank accounts.

That's a fairly stupid thing to say and is the kind of black and white
point of view that gets security people branded as narrow-minded
'masturbating monkeys'. Use your imagination for a second and I'm sure
you'll be able to think of a number of situations where a security bug
is far less serious than one that results in data corruption.

> Bugs don't
> have adversaries. Vulnerabilities do.

Probably because security researchers haven't come up with a way to
make money off them yet.

>
> But I feel Linus' pain.
>
> --
> ---
> Thomas H. Ptacek // matasano security
> read us on the web: http://www.matasano.com/log
> _______________________________________________
> Dailydave mailing list
> Dailydavelists.immunitysec.com
> http://lists.immunitysec.com/mailman/listinfo/dailydave
>

--
http://www.smashthestack.org
http://www.unprotectedhex.com