Linux.com

Re: I don't think that's the reason

Posted by: Anonymous Coward on August 09, 2006 07:12 AM
I wish the author were being too paranoid, but I'm afraid that he isn't. Having worked in information security, I've learned--a few times the hard way--that the only real way to get some vendors to patch their holes is to disclose the vulnerability publicly and, at times, *loudly*. Then, since they are afraid of egg on their face, they get busy and actually fix it, usually within a few days. The Cisco Black Hat example is a case in point, as are the many Windows/IE holes over the years.

Maybe, if more of these exploits were disclosed publicly, it'd get Microsoft off of its duff and actually (gasp!) start coding correctly again. There was a time, long ago, that they actually did a decent job of that. If the OpenBSD team can do it with their limited resources, then so can MS/Apple/etc. with their much larger resources.

I must, therefore, respectfully disagree with the notion that the author "is either reckless or has an axe to grind." I don't see that here; I just see a spade being called a spade, and sometimes vendors don't like that.


Return to The Black Hat Wi-Fi exploit coverup