North American Network Operators Group

Re: What could have been done differently?
In message <[email protected]>, Scott Francis writes:
>
>There's a difference between having the occasional bug in one's software
>(Apache, OpenSSH) and having a track record of remotely exploitable
>vulnerabilities in virtually EVERY revision of EVERY product one ships, on
>the client-side, the server side and in the OS itself. Microsoft does not
>care about security, regardless of what their latest marketing ploy may be.
>If they did, they would not be releasing the same exact bugs in their
>software year after year after year.

They do have a lousy track record. I'm convinced, though, that they're sincere about wanting to improve, and they're really trying very hard. In fact, I hope that some other vendors follow their lead.

My big worry isn't the micro-issues like buffer overflows -- it's the meta-issue of an overall too-complex architecture. I don't think they have a handle on that yet.

--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (2nd edition of "Firewalls" book)