mailing list archives
Re: what we REALLY learned from WMF
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Fri, 06 Jan 2006 15:45:59 +1300
MS appearantly had the patch read on 28 december 2005.
Suppose they released it 48 hours later, because the flaw is so serious.
Suppose everyone praises MS because they tackled it so quickly.
Suppose the MS patch breaks one of your applications.
Suppose I'd be reading your rant on this list a few days later,
on how MS sucks because they don't take the time to test things properly......
_In this case_ I'd say:
Good on Microsoft for actually living up to the so far mainly BS but
supposedly official 'security must take precedence over features'
company line for several years.
and to the hapless -- no, gormless -- developers of whatever third-
party app(s) were broken I'd say:
Serves you right for using a clearly insecure API, and why are you
whining that your customers prefer security to some ill-conceived,
Retorts along the line:
But MS recommended we do it that way.
would leave one hoping that their few remaining customers now desert
them with all haste as they clearly don't give a rat's a*se about their
customers' security so don't deserve to have any customers.
Yes, but not as unacceptable as _expecting_ your customers to badly
compromise their security for your convenience.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
RE: what we REALLY learned from WMF Donald N Kenepp (Jan 06)
Re: what we REALLY learned from WMF Florian Weimer (Jan 06)
Re: what we REALLY learned from WMF Gavin Conway (Jan 06)