Re: Microsoft and Security

["Justin Wheeler" <jwheeler () datademons com>]

The simple argument I was making was that if MS' "testing process" is what
keeps patches from coming out in a timely manner, perhaps they should
actually be of decent quality.  When you're getting patches that are both
slow to release, as well as adversely affecting the systems they're being
installed on, MS has met neither of their agends.

Justin

----- Original Message ----- 
From: "Alun Jones" <alun () texis com>
To: "'Justin Wheeler'" <jwheeler () datademons com>; "'Radoslav Dejanovic'"
<radoslav.dejanovic () opsus hr>; <bugtraq () securityfocus com>
Sent: Sunday, July 04, 2004 5:06 PM
Subject: RE: Microsoft and Security


> Justin Wheeler <mailto:jwheeler () datademons com> wrote on Monday, June
> 28, 2004 5:42 AM:
> > Perhaps that'd be a better argument, if there weren't
> > countless patches
> > from MS in the past that broke other things..
>
> ... okay, so you're arguing that even more QA and more testing should be
> done... but in far less time.
>
> > And I'd also be more likely to believe that if there weren't
> > MS patches out
> > there that fix one particular bug, but completely ignore
> > other ones that are
> > nearly IDENTICAL to it.
>
> ... and while you're at it, you'd like us to spend even more time
searching
> for ways to expand our search for the bug's potential impact, rather than
> releasing a smaller fix, with minimal impact, as soon as possible.
>
> I can't even remotely call myself a Microsoft spokesman - but I am trying
to
> figure out exactly what you're looking for.  Perhaps it's just a platform
to
> vent at Microsoft - fine, vent away.  If you have any suggestions for
> improving the process, perhaps you should try and express those
suggestions
> in a coherent manner that could be used, rather than choosing several
> contradictory stances and insisting that Microsoft satisfy them all.
>
> Alun.
> ~~~~