[Dailydave] [Full-disclosure] Linux's unofficial security-through-coverup policy
nnp
version5 at gmail.com
Sat Jul 19 07:00:43 EDT 2008
On Fri, Jul 18, 2008 at 4:49 PM, Thomas Ptacek <tqbf at matasano.com> wrote:
>> And Linus's point is that many of those regressions matter *more* than most
>> security bugs, because they can totally hose your system too - corrupt
>> filesystems, cause system hangs and lockups, poor performance, and who knows
>> what else.
>
> And this is where Linus lapses into crazy talk, because data
> corruption bugs are far less important than vulnerabilities that can
> compromise my mom's credit card numbers and bank accounts.
That's a fairly stupid thing to say and is the kind of black and white
point of view that gets security people branded as narrow-minded
'masturbating monkeys'. Use your imagination for a second and I'm sure
you'll be able to think of a number of situations where a security bug
is far less serious than one that results in data corruption.
> Bugs don't
> have adversaries. Vulnerabilities do.
Probably because security researchers haven't come up with a way to
make money off them yet.
>
> But I feel Linus' pain.
>
> --
> ---
> Thomas H. Ptacek // matasano security
> read us on the web: http://www.matasano.com/log
> _______________________________________________
> Dailydave mailing list
> Dailydave at lists.immunitysec.com
> http://lists.immunitysec.com/mailman/listinfo/dailydave
>
--
http://www.smashthestack.org
http://www.unprotectedhex.com