Channel: Comments for Six Years of Patch Tuesdays

Comment from Andy on 2009-10-19

I know that this is a security blog, but don't forget that once in a while patches are to fix functionality bugs rather than security bugs. Sometimes those are even as urgent. While we need to develop...




Comment from Jay on 2009-10-19

@Stefan: This old saw? You can pull out the "stop using C/C++" thing when your JVM/interpreted-language-of-choice is itself not written in C. Oh, and neither are any of the libraries it uses (so no...


Comment from Anton on 2009-10-19

@mr wriggly Planes don't crash because the software they deploy is well designed. The technology to create good software is on the table, the will and financial incentive to use it is not.


Comment from Nick Clarke on 2009-10-19

@Stefan W: a typical editor doesn't keep the file open (as in, keep an operating system file handle) once it has read and displayed the contents. It only momentarily has the disk file 'open' when it...


Comment from Bob on 2009-10-19

@Anton: "Planes don't crash because the software they deploy is well designed. The technology to create good software is on the table, the will and financial incentive to use it is not." A friend of...



Comment from billswift on 2009-10-19

Bob, you're missing the economics of a mass market. People pay much, much more than a million dollars for word processors - probably billions. The problem is that it goes into "features" rather than...


Comment from pik on 2009-10-19

(sorry for my English) What is the problem? "in house" I am after XPsp2 no more server, I am client. Look for issues after full (auto) patched XPsp3 as restricted user. Please tell me your exploits to...


Comment from Clive Robinson on 2009-10-19

@ billswift, "People pay much, much more than a million dollars for word processors - probably billions." Then you need to add the cost of the "blue screen of death", "Your program has stopped...



Comment from pdf23ds on 2009-10-19

"You can reach assurance, when you build-in 5 "walls" and HOPE, bad gay have after 4 wall no more desire. THATS ALL." I believe that's the approach the Pentagon takes.



Comment from Lawrence D'Oliveiro on 2009-10-20

Linux distributions typically do not have “Patch Tuesdays”, they tend to release patches very quickly from when vulnerabilities are discovered. Yet it’s rare to hear of fixes introducing new bugs,...


Comment from John on 2009-10-20

Security has to be designed in, but more than that there has to be a well designed Software Architecture. People joked about the Software Architecture Architecture at DEC but it worked.


Comment from Nostromo on 2009-10-20

Does any of this matter? If security is important to you, you shouldn't be using Microsoft Windows.


Comment from nzruss on 2009-10-20

A quick way to get your PC up to patch state after a fresh install is to use Offline Update tool from http://www.h-online.com/. (it's free) It runs a script that gets all the patches from release up...



Comment from Markus on 2009-10-20

It is impossible to "mathematically prove" the correctness or security of a program -- you can only prove that the program behaves according to a specification. In the case of a modern word processor,...


Comment from Anonym on 2009-10-20

Well, MS has done really well in this regard. I especially admire the Windows Server Update Services (WSUS), which helps a lot.



Comment from Clive Robinson on 2009-10-20

@ Nostromo, "If security is important to you, you shouldn't be using Microsoft Windows." Although I would agree with you if security were the only concern, in a modern business it is not. Security is...


Comment from HJohn on 2009-10-20

@Clive Robinson at October 20, 2009 8:53 AM: Although I would agree with you if security were the only concern, in a modern business it is not. ______________ I think you make a good point. MS...



Comment from Clive Robinson on 2009-10-20

@ Bruce, Without being seen to be or being nasty, security experts and gurus are a large part of the problem. For instance you say, "We need to design security into our systems right from the...


Comment from David on 2009-10-20

@savanik: Many businesses treat Windows versions like that, not adopting an OS until it's been out a long time and service packs applied. Businesses tend to be well behind the leading edge, and often...


Comment from David on 2009-10-20

@Stefan: There is no such language as C/C++, and I don't trust anybody who uses that particular phrase to know much about either. Modern C++, for example, can be easily written to avoid all of the...
