Re: [Full-Disclosure] RE: Linux (in)security

[madsaxon <madsaxon@direcway.com>]

At 09:57 AM 10/23/03 -0700, John Sage wrote:

> I simply cannot think of a more clear, distinct, and comprehensive
> indictment of Microsoft and its operating systems than the unrelenting
> torrent of patches that it issues to fix the defective products that
> its monopoly position in the marketplace has allowed it to foist upon
> the world.
>
> Sure, the UNIX'es and Linux'es of the world have some problems, but
> really now, nothing like Windows.
>
> And a patch, when issued, pretty much works as expected.

Don't get me wrong, I agree with almost all of what you're saying
about Microsoft's poor track record.  However, in the interest
of fairness I'd like to add that I've had to back out of a fair
number of patches to various Unices and Linux systems because the
patch broke something else, usually in a fairly complex enterprise
environment.

I think the reality is that patching comes in a poor second to
engineering secure code in the first place, and that is an area
in which virtually everyone in the industry desperately
needs improvement.

m5x

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html