Full Disclosure mailing list archives
Re: VUPEN Security Research - Adobe Flash Player RTMP Data Processing Object Confusion (CVE-2013-2555)
From: Bryan <bryan () unhwildhats com>
Date: Sat, 20 Apr 2013 20:02:12 -0400
The only point that I was trying to make is that there needs to be more of an investment in the security facet of software development, and that if a company is not willing to invest the resources to create a secure product, not to whine when they get hacked.

On Sun, Apr 21, 2013 at 12:43:15AM +0100, Benji wrote:
Sorry, by flaws, I should have said, *"has not prevented bad code/ineffective patches from being pushed out"

On Sun, Apr 21, 2013 at 12:41 AM, Benji <me () b3nji com> wrote:
(For example, http://webcache.googleusercontent.com/search?q=cache:2cXGaaHnqyMJ:www.computerworld.com/s/article/9235954/Researchers_find_critical_vulnerabilities_in_Java_7_Update_11+&cd=8&hl=en&ct=clnk&gl=uk )

On Sun, Apr 21, 2013 at 12:37 AM, Benji <me () b3nji com> wrote:
Because security engineers are different to a QA department you originally suggested, and you seem to be very ideologist about the scenarios. As we've seen, Oracle's Java product has security engineers and this has not prevented flaws.

On Sun, Apr 21, 2013 at 12:34 AM, Bryan <bryan () unhwildhats com> wrote:
"Your 5-chained-0day-to-code-exec, in my opinion, does not count as negligence and comes from the developer effectively not being a security engineer"
Solution: Hire security engineers.
"In my opinion we are not at the stage in industry where we can consider/expect any developer to think through each implication of each feature they implement"
Solution: Hire security engineers to think through each implication.
Why are we disagreeing?