RE: [Full-Disclosure] Hotmail & Passport (.NET Accounts)
From: Ed Carp (erc_at_pobox.com)
Date: 05/12/03
- Previous message: Sir Mordred: "[Full-Disclosure] What is better anyway?"
- In reply to: Mark J Cox: "Re: [Full-Disclosure] Hotmail & Passport (.NET Accounts)"
- Next in thread: Wayne Chang (Pacific Northwest Software): "Re: [Full-Disclosure] Hotmail & Passport (.NET Accounts) Vulnerability"
To: "Mark J Cox" <mjc@redhat.com>, "Nick FitzGerald" <nick@virus-l.demon.co.uk>
Date: Mon, 12 May 2003 09:54:06 -0500
> > I sure hope that
> > folk won't be sucked into bogus "MS released fewer IE patches last
> > year" claims based solely on the year-on-year comparison of the
> > number of patch releases (as indicated by security bulletin count).
>
> Most vendors and even open source software projects roll up security
> fixes, usually when issues are classed as minor or if several severe
> issues can be announced and fixed at the same time. To know how many
> issues get rolled up you need to be able to count issues or
> vulnerabilities and that can be quite subjective. However we can
> normalise on CVE data to get useful statistics:
Counting vulnerabilities is a ridiculous way of assessing security! Common
sense should tell you that, and no explanation is needed for this very
obvious fact.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html