Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Two MSIE 6.0/7.0 NULL pointer crashes
From: Jeffrey Walton <noloader () gmail com>
Date: Thu, 21 Jan 2010 22:14:20 -0500

On Thu, Jan 21, 2010 at 11:22 AM, Christian Sciberras <uuf6429 () gmail com> wrote:
People are unreasonable, first they complain about
lack of quick patches/fixes. Next they complain about
fixes crashing their system.
You're right - Corporate America needs to find more folks willing to
accept unpatched software that crashes their system. Its hard to
justify big bonuses when a company is run into the ground (wait - no
its not. Disregard.)

On Thu, Jan 21, 2010 at 5:12 PM, Dan Kaminsky <dan () doxpara com> wrote:

On Thu, Jan 21, 2010 at 1:53 AM, Michal Zalewski <lcamtuf () coredump cx>
Testing takes time.  That's why both Microsoft and Mozilla test.

Testing almost never legitimately takes months or years, unless the
process is severely broken; contrary to the popular claims,
personally, I have serious doubts that QA is a major bottleneck when
it comes to security response - certainly not as often as portrayed.

There are a lot of factors that go into how long it takes to run QA.
Here's a few (I'll leave out the joys of multivendor for now):


Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]