[71198] in North American Network Operators' Group
Re: AV/FW Adoption Sudies
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Thu Jun 10 16:49:08 2004
To: EKR <ekr@rtfm.com>
Cc: Paul G <paul@rusko.us>, "'Nanog'" <nanog@merit.edu>
In-Reply-To: Your message of "Thu, 10 Jun 2004 13:30:41 PDT."
<kj8yevrw9a.fsf@romeo.rtfm.com>
From: Valdis.Kletnieks@vt.edu
Date: Thu, 10 Jun 2004 16:46:34 -0400
Errors-To: owner-nanog-outgoing@merit.edu
--==_Exmh_-1496079208P
Content-Type: text/plain; charset=us-ascii
On Thu, 10 Jun 2004 13:30:41 PDT, Eric Rescorla said:
> [0] Note that this doesn't require that the chance of finding
> any particular bug upon inspection of the code be very low
> high, but merely that there not be very deep coverage of
> any particular code section.
Right. However, if you hand the team of white hats and the team of black hats
the same "Chatter has it there's a 0-day in Apache's mod_foo handler"....
Note that the rumored 0-day doesn't even have to exist - one has to wonder
how many of the bugs found in Windows by all color hats were inspired by
Allchin's comment under oath that there was an API flaw in Windows so
severe that publishing the API could endanger national security.....
--==_Exmh_-1496079208P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQFAyMiqcC3lWbTT17ARAnx8AKCeq7IexkOWOOSjSY5l0VQYsJ6zlQCg1Xp3
bg9jXpyBOJ0N1NXw3lxG0QQ=
=V4wX
-----END PGP SIGNATURE-----
--==_Exmh_-1496079208P--
