SecurityFocus 2006-03-28
UPDATE: Hundreds of malicious Web sites are attempting to exploit the most critical of two flaws announced last week in Microsoft's browser, convincing two companies to release workarounds late Monday to head off the threat.
Patches released for zero-day IE threat

The only thing that matters is the amount of time that the systems are left vulnerable when exploits are knowingly being used.
That's it.
The fact that bugs are being found and fixed is good for all. Everyone has them. People make mistakes. Who cares?
My system gets infected because 60 days after you first are notified about a vulnerability you still haven't patched it and now someone has started exploiting it and you want to wait another two weeks. Now that's a problem.
Comparing OS bug counts is just ignorant. Linux comes with anywhere from a bit over 1000 to 15-20k packages ready for install and all considered part of the OS. Is that really something you can compare to Windows?
Perhaps if you only compare kernels... but then which Linux kernel do you compare? Is it even fair to compare kernels of an open OS to one that isn't openly distributing source to the world?
What does not freely distributing source say about your confidence in your product?
Keeping a product's source code secret does not protect your copyrights. Copyrights are protected either way. All it does is hide how smart and creative or dumb and frightening your developers are, and it makes it harder for potential competitors and customers to write their own original compatible products.
I want nothing but complete disclosure from a vendor I work with. It tells me they are confident and believe in their product.
Security by obscuration is not security at all. It just lulls the developers into a false confidence which in the end is much more dangerous than developers that know at any moment people will be looking at their work, fixing it, and writing damning things about them personally.
That's right. Open source developers put their reputations on the line with each line of code they release. Now that I respect.
Here you are, a two-bit hack saying they are lazy because they make some mistakes, and some twit thinks that's well said? Give me a break.
Open source developers should be commended for putting their name to their work and making sure everyone that uses their software has the opportunity to see *exactly* what they are using.
This is true for libre open source developers and commercial non-libre open source developers.
Open source != Libre Software
I have even more respect for Libre developers.
Well said?
-Chris