Secure Coding mailing list archives
it's not a bug, it's a feature!
From: ge at linuxbox.org (Gadi Evron)
Date: Thu, 09 Feb 2006 08:01:52 +0200
Okay, if we are so keen to make distinctions, how about this one? In the recent WMF 0day, it was indeed a feature. But it was a security vulnerability non-the-less. PR-ing it as a feature was indeed, PR. Cisco released a security advisory, advising that a default root password is a "vulnerability" rather than a built-in feature. :) It seems that people often enjoy making the distinction for putting the right spin on things. Myself, I like this quote: "Any sufficiently advanced bug is indistinguishable from a feature". A spin on Arthur C. Clarke's 3rd law. I learned just a few months ago (last year :) ) that it was coined 20 years ago by someone many of us know: Rich Kulawiec. What is your take on this, should this be a huge argument as well? :) Gadi.
Current thread:
- it's not a bug, it's a feature! Gadi Evron (Feb 08)
- <Possible follow-ups>
- it's not a bug, it's a feature! Gary McGraw (Feb 09)