Date: Thu, 2 Mar 2000 11:08:15 -0800 (PST) From: Kris Kennaway <kris@hub.freebsd.org> To: Jonathon McKitrick <jcm@dogma.freebsd-uk.eu.org> Cc: freebsd-chat <chat@freebsd.org> Subject: Re: any news on w2k in the world? Message-ID: <Pine.BSF.4.21.0003021105010.90348-100000@hub.freebsd.org> In-Reply-To: <Pine.BSF.4.21.0003021037260.76883-100000@hub.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 2 Mar 2000, Kris Kennaway wrote:
> Security isn't a matter of options, it's a process. All of the security
> knobs in the world won't help you if the product has a poor implementation
> of the security model. After 5 years in the field, they're STILL finding
> and fixing security bugs in Windows NT 4.
Actually, I should amend the above for the sake of accuracy. Microsoft
doesn't, and have never really done, much in the way of finding their own
security bugs in released products. They usually rely on outside people to
discover the hole, spend a while denying it exists (probably to cover
themselves while they furiously try to fix it), then eventually release a
patch (the first version of which isn't properly regression tested and
breaks a lot of other things), eventually (sometimes months later)
releasing a security bulletin which takes all the credit for finding the
bug themselves.
Kris
----
In God we Trust -- all others must submit an X.509 certificate.
-- Charles Forsythe <forsythe@alum.mit.edu>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-chat" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0003021105010.90348-100000>