|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Fw: [Full-Disclosure] Gates: 'You don't need perfect code' for good security
One word.... HA ! james ----- Original Message ----- From: "Jeremiah Cornelius" <> To: <[email protected]> Sent: Friday, October 31, 2003 11:32 AM Subject: [Full-Disclosure] Gates: 'You don't need perfect code' for good security : -----BEGIN PGP SIGNED MESSAGE----- : Hash: SHA1 : : FLAME ON! : : http://www.itbusiness.ca/index.asp?theaction=61&sid=53897 : : "But there are two other techniques: one is called firewalling and the other : is called keeping the software up to date. None of these problems (viruses : and worms) happened to people who did either one of those things. If you had : your firewall set up the right way - and when I say firewall I include : scanning e-mail and scanning file transfer -- you wouldn't have had a : problem. But did we have the tools that made that easy and automatic and that : you could really audit that you had done it? No. Microsoft in particular and : the industry in general didn't have it." : : "The second is just the updating thing. Anybody who kept their software up to : date didn't run into any of those problems, because the fixes preceded the : exploit. Now the times between when the vulnerability was published and when : somebody has exploited it, those have been going down, but in every case at : this stage we've had the fix out before the exploit. So next is making it : easy to do the updating, not for general features but just for the very few : critical security things, and then reducing the size of those patches, and : reducing the frequency of the patches, which gets you back to the code : quality issues. We have to bring these things to bear, and the very dramatic : things that we can do in the short term have to do with the firewalls and the : updating infrastructure. " : -----BEGIN PGP SIGNATURE----- : Version: GnuPG v1.2.3 (GNU/Linux) : : iD8DBQE/oqq3Ji2cv3XsiSARAlkdAJ0aGkBViYkoE193iZycTmQZohzwbQCg1KDA : SjPLY1EEzamQCtIGKwJT1Vk= : =mIsY : -----END PGP SIGNATURE----- : : _______________________________________________ : Full-Disclosure - We believe in it. : Charter: http://lists.netsys.com/full-disclosure-charter.html James Edwards Routing and Security Administrator [email protected] At the Santa Fe Office: Internet at Cyber Mesa Store hours: 9-6 Monday through Friday 505-988-9200 SIP:1(747)669-1965
|