Full Disclosure mailing list archives
Re: Re: Internet Explorer URL parsing vulnerability
From: petard <petard () freeshell org>
Date: Wed, 10 Dec 2003 21:34:04 +0000
On Wed, Dec 10, 2003 at 12:07:21PM -0800, Daniel H. Renner wrote:
They simply don't want it fixed. We can guess why, but they know why - and they aren't telling. Not a good sign...
You don't have to make it sound like a consipracy. It isn't. Here's why, and it's perfectly obvious. Corporations are in the business of maximizing profits. Contrary to what some might think, this does not mean releasing perfect products. It means balancing customer demand (the amount of money to be made) against the cost of fulfilling that demand to varying degrees and delivering. If a corporation's paying customers do not demand that flaws be fixed, or if they gain more paying customers by adding new features than they do by fixing flaws things go unfixed. So the answer is not "They simply don't want it fixed." The answer is "It is more profitable not to fix all the flaws than it is to fix them." Microsoft estimates that they lose more money by spending it to fix some problems than from people choosing alternative products as a result of those problems. So if you want them to fix it, the way to get them to do so is to vote, en masse, with your dollars. They will then lose more $$ from not fixing these problems than they will spend to fix them. It is immaterial whether they "want" to fix them. They are not in the business of doing what they want but what is profitable. Make it unprofitable to ship a broken product, and that will change. One of the ways to make it unprofitable to ship a broken product is to post flaws like this in public places. In fact, it's one of the most effective ways. Telling them quietly without notifying the public does not accomplish that. Regards, petard -- If your message really might be confidential, download my PGP key here: http://petard.freeshell.org/petard.asc and encrypt it. Otherwise, save bandwidth and lose the disclaimer. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: Re: Internet Explorer URL parsing vulnerability, (continued)
- RE: Re: Internet Explorer URL parsing vulnerability Kristian Hermansen (Dec 11)
- RE: Re: Internet Explorer URL parsing vulnerability Karlis Zigurs (Dec 11)
- Re: Re: Internet Explorer URL parsing vulnerability Valdis . Kletnieks (Dec 11)
- RE: RE: FWD: Internet Explorer URL parsing vulnerability Rainer Gerhards (Dec 10)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability Georgi Guninski (Dec 10)
- Re: Re: Internet Explorer URL parsing vulnerability S G Masood (Dec 10)
- Re: Re: Internet Explorer URL parsing vulnerability John Sage (Dec 10)
- Re: Re: Internet Explorer URL parsing vulnerability Daniel H. Renner (Dec 10)
- Re: Re: Internet Explorer URL parsing vulnerability petard (Dec 10)
- Re: Re: Internet Explorer URL parsing vulnerability Jedi/Sector One (Dec 10)
- Re: Re: Internet Explorer URL parsing vulnerability Valdis . Kletnieks (Dec 10)
- Re: RE:Re: RE: FWD: Internet Explorer URL parsing vulnerability Clint Bodungen (Dec 10)
- RE: Re: Internet Explorer URL parsing vulnerability S G Masood (Dec 11)
- RE: Re: Internet Explorer URL parsing vulnerability S G Masood (Dec 12)