Bugtraq mailing list archives
Re: Full Disclosure works, here's proof:
From: randyb () internex net (Randy Bias)
Date: Mon, 5 Dec 1994 13:38:36 -0800
Getting code right is hard. Getting code right in a complex system is *very* hard. While one can, I claim, do better for security stuff than in the general case, I do not think it is humanly possible to build a large system with no security flaws. (And yes, I put firewalls in that category -- which is why good firewalls are as small and simple as possible.)
Absolutely. I've been a SysAdmin for a while now and I learned very quickly that it's just not a bright idea to install a patch unless you need it. This can be said for a lot of things. If you subscribe to chaos theory (and I do) then you would be better off accepting that you *will* introduce new bugs (and possibly security bugs) while fixing old ones. In that case, you should release the source with the patch, or your customers need to accept that you may get it wrong the first time.

--Randy