Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 8 Nov 2001 11:51:17 -0500
From:      "Andrew C. Hornback" <achornback@worldnet.att.net>
To:        "Anthony Atkielski" <anthony@atkielski.com>, "FreeBSD Questions" <freebsd-questions@FreeBSD.ORG>
Subject:   RE: Lockdown of FreeBSD machine directly on Net
Message-ID:  <012301c16875$957dda80$6600000a@columbia>
In-Reply-To: <004001c1682e$6db1d5c0$0a00000a@atkielski.com>

next in thread | previous in thread | raw e-mail | index | archive | help
> -----Original Message-----
> From: Anthony Atkielski [mailto:anthony@atkielski.com]
> Sent: Thursday, November 08, 2001 3:22 AM
> To: Andrew C. Hornback; FreeBSD Questions
> Subject: Re: Lockdown of FreeBSD machine directly on Net
>
> Andrew writes:
>
> > So... given this assertion, you're saying that
> > if I attempted to use Code Red against an IIS 2.0
> > installation, it should succeed?
>
> I'm saying that either it will succeed, or it won't, but this
> will not change
> over the lifetime of the product.  A hole that is not originally
> present in the
> code will not magically appear at some later date.  There are
> undiscovered holes
> in existing software, but never new holes.

	You put too much trust in software developers, plain and simple.

	All sorts of things are possible when you start trying to optimize code,
etc. and especially when you have more than one person or group working on a
project.  Compound that with the idea that such groups are fluid and not
static, and you begin to see the real problem.

	There are times when the right hand doesn't know what the left hand is
doing, even in software development.

--- Andy


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?012301c16875$957dda80$6600000a>