[8891] in bugtraq
Re: Breeze Network Server remote reboot and other bogosity.
daemon@ATHENA.MIT.EDU (Dr. Mudge)
Fri Jan 1 16:37:50 1999
Date: Fri, 1 Jan 1999 16:27:50 -0500
Reply-To: "Dr. Mudge" <mudge@L0PHT.COM>
From: "Dr. Mudge" <mudge@L0PHT.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <000b01be351b$0a2d90a0$0200000a@terminus.intranet.int>
On Thu, 31 Dec 1998, Mike Pelley wrote:
> production machine. I explained that we had some things to work on, and
> that we had a security review planned after we had ensured that the machine
> was stable and functional.
>
When are vendors going to realize that security needs to be thought of at
other points in the game than 'after-the-fact'? I'm not familiar with this
particular product but I am, unfortunately, familiar with companies and
product teams that follow this same backwards development routine.

If you design with security in mind from the beginning you get a better
product that is easier to maintain / verify. If you design the product and
then think of security after the fact you are left with duct-tape and
bubble-gum kludges as fixes.

Is it me or is the industry taking a *really* long time to catch on to
this?

.mudge