Releasing patches is bad for security
From: Chris Brenton (cbrenton_at_chrisbrenton.org)
Date: 02/26/04
- Previous message: spaceork: "Re: DoS Tool Identification"
- Next in thread: Dave Paris: "RE: Releasing patches is bad for security"
- Reply: Dave Paris: "RE: Releasing patches is bad for security"
- Reply: Clint Bodungen: "Re: Releasing patches is bad for security"
- Reply: Curt Purdy: "RE: Releasing patches is bad for security"
- Reply: mgotts_at_2roads.com: "Re: Releasing patches is bad for security"
- Maybe reply: Gary Nichols: "RE: Releasing patches is bad for security"
- Reply: james: "Re: Releasing patches is bad for security"
- Maybe reply: Joe Miller: "Re: Releasing patches is bad for security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: incidents@securityfocus.com Date: Thu, 26 Feb 2004 13:31:03 -0500
Greets all,
This is just such a hoot I had to share:
http://news.bbc.co.uk/1/hi/technology/3485972.stm
The story quotes David Aucsmith, who is in charge of technology at
Microsoft's security business and technology unit as stating:
"We have never had vulnerabilities exploited before the patch was
known,"
The story then goes on to talk about how vulnerabilities are always
reverse engineered from patches. It really sounds to me like he's saying
that patches are *the* problem and if only Microsoft would stop
releasing patches, then all the security issues would just go away.
Microsoft has already dropped down to a monthly patch system. Even then
they have already been skipping months. Could this be early PR spin to
justify not releasing security patches?
C
---------------------------------------------------------------------------
----------------------------------------------------------------------------
- Previous message: spaceork: "Re: DoS Tool Identification"
- Next in thread: Dave Paris: "RE: Releasing patches is bad for security"
- Reply: Dave Paris: "RE: Releasing patches is bad for security"
- Reply: Clint Bodungen: "Re: Releasing patches is bad for security"
- Reply: Curt Purdy: "RE: Releasing patches is bad for security"
- Reply: mgotts_at_2roads.com: "Re: Releasing patches is bad for security"
- Maybe reply: Gary Nichols: "RE: Releasing patches is bad for security"
- Reply: james: "Re: Releasing patches is bad for security"
- Maybe reply: Joe Miller: "Re: Releasing patches is bad for security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
