Dailydave mailing list archives
Re: Security people are leaches. [sic]
From: pageexec () freemail hu
Date: Fri, 07 Aug 2009 11:22:17 +0200
On 6 Aug 2009 at 21:42, Adrien Kunysz wrote:
On Sat, Aug 01, 2009 at 01:46:07PM +0200, Peter Busser wrote:A secure system is one which is implemented to EXACTLY fit its specification, nothing more, nothing less.Then we are back to "all bugs are security bugs and there is no point in trying to make any distinction".
except we don't live in a black and white world. 'security bug' or heck, just 'bug' is not a binary property, there're many shades of grey in what exactly the bug accomplishes. it's clearly not enough to state that 'this commit fixes something but i did not want to bother to understand what', users of said commits need more information than that. fortunately not all developers share linus' mindset although their efforts are sometimes in vain when what he commits intentionally omits security relevant information.
Linus is obviously not interested in trying to make the distinction,
even if he was, he's not qualified to do that so it's a moot point. but he can and should encourage active research because of his position instead of downplaying the issue or outright biting the proverbial hand that feeds him/them. _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Security people are leaches. [sic] pageexec (Jul 27)
- Re: Security people are leaches. [sic] yersinia (Jul 28)
- Re: Security people are leaches. [sic] Peter Busser (Aug 05)
- Re: Security people are leaches. [sic] Aaron (Jul 28)
- Re: Security people are leaches. [sic] Peter Busser (Aug 05)
- Re: Security people are leaches. [sic] Adrien Kunysz (Aug 06)
- Re: Security people are leaches. [sic] pageexec (Aug 07)
- Re: Security people are leaches. [sic] Aaron (Aug 07)
- Re: Security people are leaches. [sic] RB (Aug 16)
- Re: Security people are leaches. [sic] dave (Aug 08)
- Re: Security people are leaches. [sic] Shane Macaulay (Aug 08)
- Re: Security people are leaches. [sic] Peter Busser (Aug 05)
- Re: Security people are leaches. [sic] yersinia (Jul 28)
- <Possible follow-ups>
- Re: Security people are leaches. [sic] Eugene Teo (Aug 10)