[Full-Disclosure] Re: Gates: 'You don't need perfect code' for good security
dufresne at winternet.com
Mon Nov 3 18:01:00 GMT 2003
> It wasn't a general statement on MS security, though it was ambiguous enough.
> He mixed a lot of generalisms (layered security, Windows a target because it
> is more widely deployed) with a lot of non-sequitur specifics (Win2K3 hasn't
> seen a lot of exploits [duh! it isn't widely deployed! See the last
The "target due to large deployment" argument takes on less significance
when one considers that most every site has at least one 'router' and
cisco dominates that realm, yet, the targeting of successful cisco
exploits is certainly tons smaller then most the sploits that target
desktops. And I use the term 'desktops' specifically, as most corps will
find their 'servers' seldom sploited like their desktop env's. Even those
places that use alot of windows systems as 'servers'.
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.
Full-Disclosure is hosted and sponsored by Secunia.