RE: [ISN] Code Red is Not The Problem

From: InfoSec News (isnat_private)
Date: Thu Aug 09 2001 - 04:40:06 PDT

    Forwarded by: William T. Barrett <wtbat_private>
    
    Interesting thoughts. I thought I would just comment on some of the
    more salient points.  I tried to use humor to point out the
    absurdities, but it probably just comes across as being an asshole.
    
    > How about making providing software, with security bugs, for
    > commercial use a felony or something that no disclaimer can waive
    > responsibility for ? Maybe it should be a felony to release any
    > software package with any known bugs or in doing so a software
    > manufacturer voids any claim to hiding behind a disclaimer.
    
    <sarcasm>
    
    Oh, great idea.  And we know what a great job those people in
    Washington do writing laws for the computer industry.  I mean, with the
    widespread success of the DMCA and the so-called Child Online
    Protection Act and, of course, the 1996 Communications Decency Act.
    
    </sarcasm>
    
    > What about going a step further and including deploying software
    > with security bugs a felony, that way making system admins take
    > more care in the software they install.
    
    Were you dropped on your head as a child? It's stressful enough to do
    this job without the threat of going to jail for forgetting to install a
    patch.  Of course there wouldn't be a patch to put on, because that
    would mean that a flaw exists in the first place and therefore you are
    admitting guilt to the first one.
    
    > I don't care if the cost of software increases ten fold or it
    > takes five times as long to get it out the door, our current
    > industry wide practices are simply not good enough.  It is time
    > that was fixed.
    
    Well, bully for you.  Personally, I have a hard enough time squeezing
    pennies out for the stuff we use now.  While you apparently have an
    unlimited budget to work with, in the real world most companies can't
    afford that.
    
    > How much would it cost Microsoft to do extensive testing of
    > Windows XP, prior to launch, searching for buffer overflows (for
    > example) in every DLL routine, etc, vs how much it will cost the
    > world to clean up later as the bugs get reported ?
    
    Oh yes, the "billions" of dollars these incidents cost.  You know, I
    would like to see somebody be able to explain exactly how they come up
    with these numbers.  I'm pretty sure it includes the terms "pulling"
    and "ass".
    
    > Look at all the i's which need dotting and t's which need crossing
    > if you want to make a vehicle to drive on the roads, never mind
    > sell to others.
    
    I have yet to hear of anyone getting killed in a computer crash.  (He
    was surfing under the influence and formatted a family of six!! Right.)
    
    > Why do we accept a complete lack of such standards in the software
    > industry?
    
    Probably because it is virtually impossible to check billions of lines
    of complex code and find every single possible error.  But that's just
    my opinion.
    
    > Unfortunately to get anything along these lines requires lobbying
    > politicians to get them to understand and write the correct bill.
    
    goto <sarcasm>
    
    
    -WTB
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.
    



    This archive was generated by hypermail 2b30 : Thu Aug 09 2001 - 06:33:44 PDT