[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Support the Sasser-author fund started

To: "full-disclosure" <full-disclosure@xxxxxxxxxxxxxxxx>
Subject: Re: [Full-Disclosure] Support the Sasser-author fund started
From: James Riden <j.riden@xxxxxxxxxxxx>
Date: Fri, 14 May 2004 09:12:12 +1200

merlyn@xxxxxxxxxxxxxx (Randal L. Schwartz) writes:

> So why is it, with Microsoft and all of their billeeeunnss of dollars,
> that they wouldn't spend at least SOME MORE of that BEFORE they
> release their code?  OpenBSD manages a decent security review and a
> right mindset towards security on the annual amount of money that Bill
> Gates makes every time he takes a dump.

I haven't seen the Win32 source code, but I'd bet that OpenBSD is
considerably easier to audit - I have a growing suspicion that Win32
is just too complex to be properly secured. A lot of recent patches
have had unintended consequences or have been marked as having new
functionality.

-- 
James Riden / j.riden@xxxxxxxxxxxx / Systems Security Engineer
Information Technology Services, Massey University, NZ.
GPG public key available at: http://www.massey.ac.nz/~jriden/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- Re: [Full-Disclosure] Support the Sasser-author fund started
  - From: Ron Jackson
- Re: [Full-Disclosure] Support the Sasser-author fund started
  - From: Randal L. Schwartz

Prev by Date: [Full-Disclosure] POA: Outlook Expresss 6.00
Next by Date: Re: [Full-Disclosure] (AUSCERT AA-2004.02) AUSCERT Advisory - Denial of Service Vulnerability in IEEE 802.11 Wireless Devices (fwd)
Previous by thread: Re: [Full-Disclosure] Support the Sasser-author fund started
Next by thread: Re: [Full-Disclosure] Support the Sasser-author fund started
Index(es):
- Date
- Thread