Re: Releasing patches is bad for security
From: Clint Bodungen (clint_at_secureconsulting.com)
Date: 02/26/04
- Previous message: Dave Paris: "RE: Releasing patches is bad for security"
- In reply to: Chris Brenton: "Releasing patches is bad for security"
- Next in thread: Curt Purdy: "RE: Releasing patches is bad for security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: <incidents@securityfocus.com>
Date: Thu, 26 Feb 2004 13:47:28 -0600
Chris Brenton wrote Thursday, February 26, 2004 12:31 PM:
> This is just such a hoot I had to share:
> http://news.bbc.co.uk/1/hi/technology/3485972.stm
>
> The story quotes David Aucsmith, who is in charge of technology at
> Microsoft's security business and technology unit as stating:
>
> "We have never had vulnerabilities exploited before the patch was
> known,"
>
> The story then goes on to talk about how vulnerabilities are always
> reverse engineered from patches. It really sounds to me like he's saying
> that patches are *the* problem and if only Microsoft would stop
> releasing patches, then all the security issues would just go away.
>
It seems the author just didn't express what he was trying to say very well.
I think what he was trying to say was disclosure of the patch / patch
details was the culprit... not the actual release of the patch. But yes,
there is still some blatant ignorance in that article.