[18361] in bugtraq
Re: Advisory:Multiple Vulnerabilities in ZoneAlarm
daemon@ATHENA.MIT.EDU (Stephen M. Milton)
Wed Dec 27 20:40:32 2000
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <NCBBIBOPMIPPABGOGBLKAEPGLIAA.milton@isomedia.com>
Date: Wed, 27 Dec 2000 10:30:21 -0800
Reply-To: "Stephen M. Milton" <milton@ISOMEDIA.COM>
From: "Stephen M. Milton" <milton@ISOMEDIA.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <LNBBLPKFPLPJJNBNPFLKCEFPEDAA.ian@bryant-associates.co.uk>
> Whereas I agree it would be desirable for ZoneLabs to fix any notified
> vulnerabilities, I share the view that in terms of RISK the issue is of
> limited importance until an exploit can be devised that can take advantage
> of the theoretical weakness.
This is a terrible idea. The concept that a bug should not be fixed until
AFTER an exploit has been found and demonstrated is ludicrous. Security
bugs are especially important to fix BEFORE the exploit has been created.
2cents.
Stephen Milton
Vice President
ISOMEDIA, Inc.
