[Dailydave] The lack of hard questions
Trygve Aasheim
trygve at pogostick.net
Tue Sep 2 06:13:20 EDT 2008
Why sometimes "Security Experts" and not the vendor should say if it is
a vulnerability or a bug, and if it's reliable (read entire timeline):
http://www.coresecurity.com/content/open-bsd-advisorie
The vendor might have other interests, and most major vendors run all
their communication through their marketing department (which usually
ARE full of crap)...and that doesn't help. Even if they're packed with
people who can make "reliable exploits"...
And many times the "Security Team" is overbooked (by the marketing
department to do presentations on seminars or create security whitepaper
strategies)...
Microsoft might be different of course...but maybe not in the future,
since they've now proved that security doesn't really sell:
http://pwnie-awards.org/2008/nominees.html#fail
ergosum wrote:
>
> Charles, no offense, but the MS Security team has several members who can make
> reliable exploits, probably much better than many "security experts". So,
> don't take for granted that MS is full of crap because that shows your lack
> of knowledge about them.
>
>
>
>> On Aug 27, 2008, at 4:55 PM, Valdis.Kletnieks at vt.edu wrote:
>>> On Wed, 27 Aug 2008 09:05:42 EDT, Pusscat said:
>>>> My assumption would be that if it can be made reliable by anyone,
>>>> then it's
>>>> reliable. It probably shouldn't be a quantum value, collapsed by our
>>>> inability ;)
>>> Yes, it only has to be weaponized once.