Re: Breeze Network Server remote reboot and other bogosity.

From: Kev (klmitchat_private)
Date: Fri Jan 01 1999 - 13:29:59 PST


    > production machine.  I explained that we had some things to work on, and
    > that we had a security review planned after we had ensured that the machine
    > was stable and functional.
    
    With all due respect, this is not the way to craft a secure product.
    Security must be designed in from the beginning; reviewing the security
    after everything else is already done simply will not result in a secure
    product.  Even a testing release, such as your company provided to Mr.
    Vardomskiy, needs to display some security awareness if it is intended
    to be a secure product after release.  His report seems to indicate a
    lack of such forethought on the part of your developers.
    --
    Kevin L. Mitchell <klmitchat_private>
    -------------------------  -. .---- --.. ..- -..-  --------------------------
    http://web.mit.edu/klmitch/www/               (PGP keys available from here)
        RSA AE87D37D/1024:  DE EA 1E 99 3F 2B F9 23  A0 D8 05 E0 6F BA B9 D2
        DSS ED0DB34E/1024: D9BF 0E74 FDCB 43F5 C597  878F 9455 EC24 ED0D B34E
        DH  2A2C31D4/2048: 1A77 4BA5 9E32 14AE 87DA  9FEC 7106 FC62 2A2C 31D4
    


