Re: The lack of hard questions

[Trygve Aasheim <trygve () pogostick net>]

Why sometimes "Security Experts" and not the vendor should say if it is 
a vulnerability or a bug, and if its reliable (read entire timeline):

http://www.coresecurity.com/content/open-bsd-advisorie

The vendor might have other interests, and most major vendors run all 
their communication through their marketing department (which usually 
ARE full of crap)...and that doesn't help. Even if they're packed with 
people who can make "reliable exploits"...

And many times the "Security Team" is overbooked (by the marketing 
department to do presentations on seminars or create security whitepaper 
strategies)...

Microsoft might be different of course...but maybe not in the future, 
since they've now proved that security doesn't really sell:

http://pwnie-awards.org/2008/nominees.html#fail






ergosum wrote:

> Charles, no ofense, but the MS Security team has several members who can make 
> reliable exploits, probably much better than many "security experts". So, 
> don't take for granted that MS is full of crap because that shows your lack 
> of knowledge about them.
>
>
>
> > On Aug 27, 2008, at 4:55 PM, Valdis.Kletnieks () vt edu wrote:
> > > On Wed, 27 Aug 2008 09:05:42 EDT, Pusscat said:
> > > > My assumption would be that if it can be made reliable by anyone,
> > > > then it's
> > > > reliable. It probably shouldn't be a quantum value, collapsed by our
> > > > inability ;)
> > > Yes, it only has to be weaponized once.
> > _______________________________________________
> > Dailydave mailing list
> > Dailydave () lists immunitysec com
> > http://lists.immunitysec.com/mailman/listinfo/dailydave
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave