Dailydave mailing list archives
Re: Re: Hacking's American as Apple Cider
From: "Marcus J. Ranum" <mjr () ranum com>
Date: Wed, 21 Sep 2005 12:12:14 -0400
pageexec () freemail hu wrote:
now, users don't become vulnerable because of disclosure (i know that the 'responsible' disclosure guys like to mislead the public with that, no idea why you picked up their line...), they become vulnerable by running buggy apps (or using weak crypto in the analogy).
I didn't pick up their line; they picked up mine. My involvement in that particular debate goes back a long way. :)

Anyhow, I completely disagree with your assertion that "users don't become vulnerable because of disclosure." I believe that users become vulnerable through a combination of events:
- choice of what code the user will be running
- pre-existence of a flaw in the code
- discovery of the flaw
- exploitation of the flaw

All four of these things must happen (in approximately that order) for a user to become vulnerable. If any single one of those four does not happen, the user is not vulnerable to a particular flaw.

Now, anyone involved in any of those four steps must assign or accept moral onus for the consequences of their actions or inactions, if they result in someone being victimized. How you choose to do so depends on your personal value system, if you have one.

mjr.