Newsgroups: comp.security.unix, comp.os.ms-windows.nt.admin.security
From: d...@cr.yp.to (D. J. Bernstein)
Date: 9 Apr 2001 03:23:19 GMT
Local: Sun, Apr 8 2001 11:23 pm
Subject: Re: It's becoming obvious that...
Julian T. J. Midgley <j...@xenoclast.org> wrote:
> Immediate full disclosure without prior notification or attempted
> notification of the author is self-evidently foolish.

On the contrary. Immediate full disclosure, with a working exploit,
punishes the programmer for his bad code. He panics; he has to rush to
fix the problem; he loses users.

You're whining that punishment is painful. You're ignoring the effect

> > Software can and should be structured so that the errors don't produce
> > security problems.
> Doh! Whatever mechanism you choose for this structuring, it will
> itself be vulnerable to errors (in both design and implementation).

On the contrary. Automatic bounds checking, for example, is easy to get
right. A small amount of code, small enough to be bug-free, can protect
the entire system, if the system is structured properly.

---Dan
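
An added illustration of the bounds-checking point in the post above; it is not code from the post or its author. The names cbuf, cbuf_append, cbuf_slice and the one-byte-length record format are hypothetical: two short checked routines are the only code that touches raw memory, so a parser that wrongly trusts an attacker-supplied length gets a refused request instead of an over-read or overflow.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical checked buffer: the only code that touches raw memory. */
typedef struct { uint8_t *data; size_t len, cap; } cbuf;  /* invariant: len <= cap */

/* Append n bytes; returns 0 instead of writing past cap. */
static int cbuf_append(cbuf *b, const uint8_t *src, size_t n)
{
    if (n > b->cap - b->len) return 0;   /* cannot wrap because len <= cap */
    memcpy(b->data + b->len, src, n);
    b->len += n;
    return 1;
}

/* View of bytes [off, off+n); NULL when the range is not inside len. */
static const uint8_t *cbuf_slice(const cbuf *b, size_t off, size_t n)
{
    if (off > b->len || n > b->len - off) return NULL;
    return b->data + off;
}

/* Constructed record: one length byte, then that many name bytes.
 * Deliberate logic error: the parser trusts the length byte and never
 * compares it with the input size or the output capacity. */
static int parse_name(const cbuf *in, cbuf *out)
{
    const uint8_t *hdr = cbuf_slice(in, 0, 1);
    if (!hdr) return -1;
    const uint8_t *name = cbuf_slice(in, 1, hdr[0]);  /* over-read stops here */
    if (!name) return -1;
    return cbuf_append(out, name, hdr[0]) ? 0 : -1;   /* overflow stops here */
}

/* Parse a constructed input into an output buffer of capacity outcap. */
static int run_case(const uint8_t *raw, size_t rawlen, size_t outcap)
{
    uint8_t instore[64], outstore[64];
    cbuf in = { instore, 0, sizeof instore }, out = { outstore, 0, outcap };
    if (outcap > sizeof outstore || !cbuf_append(&in, raw, rawlen)) return -2;
    return parse_name(&in, &out);
}

int main(void)
{
    const uint8_t ok[] = {3,'d','j','b'}, lie[] = {200,'a','b'};  /* constructed inputs */
    printf("%d %d %d\n", run_case(ok, 4, 8), run_case(lie, 3, 8), run_case(ok, 4, 2));
    return 0;
}
```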