[4704] in WWW Security List Archive


RE: Big IE hole

daemon@ATHENA.MIT.EDU (David Kennedy)
Fri Mar 7 00:14:41 1997

Date: Thu, 6 Mar 1997 21:58:01 -0500
From: David Kennedy <76702.3557@compuserve.com>
To: WWW Security List <WWW-SECURITY@ns2.rutgers.edu>
Errors-To: owner-www-security@ns2.rutgers.edu


>We take this kind of bug VERY seriously.  We had a whole team of
>engineers up all night working on the fix.

Suggestion:  Next time have some quotes from an engineer, not some
marketing wonk.  As soon as some of us see "marketing" it's like laying
one of those baby dolls on their back and their eyes close.  I don't know
anyone with any respect for security who has any respect for anyone at
Microsoft's marketing department.  There's too much bad history there.

Bob Atkinson recently posted a defense of the Authenticode scheme.  I
suggest if more of Microsoft's expertise participated actively in security
forums that the company's present reputation among many of us could be
overhauled.  There will always be Unix-bigots.  I'd like to think most of
us are more open-minded.

When Marketing is responding to security vulnerabilities, it only
reinforces the belief that security is not on the radar screen in Redmond.
I offer http://www.microsoft.com/security/ as an example of "Marketing in
lieu of Security."  If someone like Mr. Atkinson had authored that page, it
might be a useful reference.  If the press release to the Chaos exploit had
not even mentioned the word "Java" it might have been accepted.  

Those of us who believe in security will not respect Microsoft so long as
Marketing regulates the output.

___________________
Dave Kennedy CISSP
Protect what you connect
Look both ways before crossing the Net
National Computer Security Assoc
76702.3557@compuserve.com
