OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: James Friesen (lucretiaTELUSPLANET.NET)
Date: Fri Sep 07 2001 - 07:24:46 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Well a second thought...when a 'user' or 'company' criticizes a products
    'useability' to advise the developer, they (the developer) usually take a
    'holier than thou' attitude and tell you why it's not a problem.

    No offence, but the only solution is goverment enforcement of software
    accountability, and rewriting currently licensing to reflect these types of
    changes.

    When no one audits or accounts for mistakes, then why would a company go
    looking for them?

    They get paid to provide solutions not fixing problems.

    My 0.02 on the matter.

    "As far as I'm concerned it's only illegal if a cop see's me do it", George
    Carlin

    >:> -----Original Message-----
    >:> From: Steve [mailto:steveSECURESOLUTIONS.ORG]
    >:> Sent: Thursday, September 06, 2001 1:34 PM
    >:> To: win2ksecadviceLISTSERV.NTSECURITY.NET
    >:> Subject: Re: IIS Web Server Condom
    >:>
    >:>
    >:> Words spoken by someone who himself does not truly get it or understand.
    >:> Are you a developer? Have you ever had to go through thousands of lines
    >:> of code? Have you ever had to think of every possible scenario? It is
    >:> not as easy as it sounds. Granted, some of the larger companies should
    >:> be able to handle this as they have the resources to throw at the
    >:> problem. But, until the consumers at large start refusing to purchase
    >:> buggy software then upgrades that should have been free or included with
    >:> the original software the problem will never go away.
    >:>
    >:> Regards;
    >:>
    >:>
    >:> Steve Manzuik
    >:> Moderator - VulnWatch
    >:> www.vulnwatch.org
    >:>
    >:> > -----Original Message-----
    >:> > From: Ichinin [mailto:ichininSWIPNET.SE]
    >:> > Sent: Friday, August 17, 2001 7:54 PM
    >:> > To: win2ksecadviceLISTSERV.NTSECURITY.NET
    >:> > Subject: Re: IIS Web Server Condom
    >:> >
    >:> >
    >:> > Howard Marsh wrote:
    >:> > > Could so many security vulnerabilities be fixed so simply?
    >:> >
    >:> > Yes.
    >:> >
    >:> > Because of..
    >:> >
    >:> > 1) Some developers are lazy A-holes and just shovle the
    >:> > variables into a DB or app without checking validity, hence
    >:> > the great number of insecure products.
    >:> >
    >:> > 2) Some people does not understand security or are ignorant
    >:> > or choose the ostridge approach to security.
    >:> >
    >:> > /Ichinin
    >:> >
    >:> > _____________________________________________________________________
    >:> > ** TO UNSUBSCRIBE, send the command "UNSUBSCRIBE win2ksecadvice"
    >:> > ** FOR A WEEKLY DIGEST, send the command "SET win2ksecadvice
    >:> > DIGEST" SEND ALL COMMANDS TO: listservlistserv.ntsecurity.net
    >:> >
    >:>
    >:> _____________________________________________________________________
    >:> ** TO UNSUBSCRIBE, send the command "UNSUBSCRIBE win2ksecadvice"
    >:> ** FOR A WEEKLY DIGEST, send the command "SET win2ksecadvice DIGEST"
    >:> SEND ALL COMMANDS TO: listservlistserv.ntsecurity.net
    >:>

    _____________________________________________________________________
    ** TO UNSUBSCRIBE, send the command "UNSUBSCRIBE win2ksecadvice"
    ** FOR A WEEKLY DIGEST, send the command "SET win2ksecadvice DIGEST"
    SEND ALL COMMANDS TO: listservlistserv.ntsecurity.net