From: Trygve Aasheim (trygvepogostick.net)
Date: Tue Sep 02 2008 - 05:13:20 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Why sometimes "Security Experts" and not the vendor should say if it is
a vulnerability or a bug, and if its reliable (read entire timeline):

http://www.coresecurity.com/content/open-bsd-advisorie

The vendor might have other interests, and most major vendors run all
their communication through their marketing department (which usually
ARE full of crap)...and that doesn't help. Even if they're packed with
people who can make "reliable exploits"...

And many times the "Security Team" is overbooked (by the marketing
department to do presentations on seminars or create security whitepaper
strategies)...

Microsoft might be different of course...but maybe not in the future,
since they've now proved that security doesn't really sell:

http://pwnie-awards.org/2008/nominees.html#fail

ergosum wrote:

>
> Charles, no ofense, but the MS Security team has several members who can make
> reliable exploits, probably much better than many "security experts". So,
> don't take for granted that MS is full of crap because that shows your lack
> of knowledge about them.
>
>
>
>> On Aug 27, 2008, at 4:55 PM, Valdis.Kletnieksvt.edu wrote:
>>> On Wed, 27 Aug 2008 09:05:42 EDT, Pusscat said:
>>>> My assumption would be that if it can be made reliable by anyone,
>>>> then it's
>>>> reliable. It probably shouldn't be a quantum value, collapsed by our
>>>> inability ;)
>>> Yes, it only has to be weaponized once.
>> _______________________________________________
>> Dailydave mailing list
>> Dailydavelists.immunitysec.com
>> http://lists.immunitysec.com/mailman/listinfo/dailydave
>
>
>
_______________________________________________
Dailydave mailing list
Dailydavelists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]