Re: [Full-disclosure] All China, All The Time



So, what is the cost of buying a fighter jet? What would be the cost
of hardening Windows (say) by default, straight out of Microsoft, with
a good defense in depth strategy (or at least an add-on)?


(Sometimes identifying your enemy is more difficult than the battle itself
and sometimes the battle exists within itself.)


How accountable should a vendor be when it comes to security?


The problem with Microsoft is, even if I want to give up
flexibility and wish for more security, there is still no easy way out by
default.


An example, a case of a mainstream company, Microsoft:

* Seeks help from an agency that prioritizes "collection efforts"
over the defensive to help "secure?" their software.

* Gives away early patches to selected clients (which also CLEARLY
means giving away 0-day information early) and many critical bug
fixes remain unpatched for months/year.

* Only and promptly sells customized/hardened versions of Windows to
"selected clients".

Also, a number of solutions that actually work[1] have export control.

So, like nuclear inspection, I think maybe, there should be an
inspection agency under UN to monitor international software/hardware
makers and make sure "Total Paranoia Module" (TPM) can be accomplished
globally via transparency in the software development life-cycle of
ICT products with international inspections to review quality of every
software and hardware that is in international consumption and make
sure it survives the hostility and will live the bureaucracy of
cyberspace before it hits the market.


Reality, unless government steps in for total control and security of
cyberspace, the private sectors are more on their own to protect their
ends. We can only coordinate and try to police each other and work for
common-defense?

The way I see it, if you see it simple, the solution is quite simple,
if you make it complicated, you are right!

[1] www.baesystems.com/ProductsServices/bae_prod_csit_xtsstop7.html

Also check, http://lists.menog.net/pipermail/itpolicy-np/2010-January/000540.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


