funsec mailing list archives
Re: Miller, Pwn2Own's winner tells Apple, Microsoft to find their own bugs
From: disco jonny <discojonny () gmail com>
Date: Sun, 28 Mar 2010 21:45:51 +0100
> But once the product ships they stop looking.
Rubbish. I have worked there and seen that they do continual vuln assessment throughout a product's lifetime. [well for the products I worked on. (Office 2k3 & 2k7)] They just don't beat their chest when they patch [they do it silently and push it out with the disclosed vulns] - reverse a few patches and see how many issues are fixed.

You seem to often think how it is then state that it is like that - as a fact. It really annoys me. How do you know what MS does and doesn't do?

On 27 March 2010 12:58, Larry Seltzer <larry () larryseltzer com> wrote:
> I wrote about this myself a little while ago:
> http://blogs.pcmag.com/securitywatch/2009/12/does_microsoft_look_for_vulner.php
>
> Microsoft puts a lot of effort into security research for products under development. But once the product ships they stop looking. Alex Sotirov pointed out that Microsoft's customers, by paying iDefense and TippingPoint and the like, end up paying for research Microsoft should be doing. Perhaps Microsoft is also a customer of these companies, I don't know.
>
> LJS
>
> -----Original Message-----
> From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Juha-Matti Laurio
> Sent: Saturday, March 27, 2010 7:24 AM
> To: funsec () linuxbox org
> Subject: [funsec] Miller, Pwn2Own's winner tells Apple, Microsoft to find their own bugs
>
> http://www.computerworld.com/s/article/9174120/Pwn2Own_winner_tells_Apple_Microsoft_to_find_their_own_bugs
>
> "The only researcher to "three-peat" at the Pwn2Own hacking contest said today that security is such a "broken record" that he won't hand over 20 vulnerabilities he's found in Apple's, Adobe's and Microsoft's software. Instead Charlie Miller will show the vendors how to find the bugs themselves.
>
> Miller, who yesterday exploited Safari on a MacBook Pro notebook running Snow Leopard to win $10,000 in the hacking challenge, said he's tired of the lack of progress in security. "We find a bug, they patch it," said Miller. "We find another bug, they patch it. That doesn't improve the security of the product."
>
> Juha-Matti
>
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.
Current thread:
- Miller, Pwn2Own's winner tells Apple, Microsoft to find their own bugs Juha-Matti Laurio (Mar 27)
- Re: Miller, Pwn2Own's winner tells Apple, Microsoft to find their own bugs Larry Seltzer (Mar 27)
- Re: Miller, Pwn2Own's winner tells Apple, Microsoft to find their own bugs Joel Esler (Mar 27)
- Re: Miller, Pwn2Own's winner tells Apple, Microsoft to find their own bugs Larry Seltzer (Mar 27)
- Re: Miller, Pwn2Own's winner tells Apple, Microsoft to find their own bugs Joel Esler (Mar 27)
- Re: Miller, Pwn2Own's winner tells Apple, Microsoft to find their own bugs Charles Miller (Mar 27)
- Re: Miller, Pwn2Own's winner tells Apple, Microsoft to find their own bugs Joel Esler (Mar 27)
- Re: Miller, Pwn2Own's winner tells Apple, Microsoft to find their own bugs Larry Seltzer (Mar 27)
- Re: Miller, Pwn2Own's winner tells Apple, Microsoft to find their own bugs Joel Esler (Mar 27)
- Re: Miller, Pwn2Own's winner tells Apple, Microsoft to find their own bugs Larry Seltzer (Mar 27)