| ActiveMac | Anonymous | Create a User | Reviews | News | Forums | Advertise |
|
|
|
User Controls |
|
New User |
|
Login |
|
Edit/View My Profile |
|
|
|
|
|
|
|
ActiveMac |
|
Articles |
|
Forums |
|
Links |
|
News |
|
News Search |
|
Reviews |
|
|
|
|
|
|
|
News Centers |
|
Windows/Microsoft |
|
DVD |
|
ActiveHardware |
|
Xbox |
|
MaINTosh |
|
News Search |
|
|
|
|
|
|
|
ANet Chats |
|
The Lobby |
|
Special Events Room |
|
Developer's Lounge |
|
XBox Chat |
|
|
|
|
|
|
|
FAQ's |
|
Windows 98/98 SE |
|
Windows 2000 |
|
Windows Me |
|
Windows "Whistler" XP |
|
Windows CE |
|
Internet Explorer 6 |
|
Internet Explorer 5 |
|
Xbox |
|
DirectX |
|
DVD's |
|
|
|
|
|
|
|
TopTechTips |
|
Registry Tips |
|
Windows 95/98 |
|
Windows 2000 |
|
Internet Explorer 4 |
|
Internet Explorer 5 |
|
Windows NT Tips |
|
Program Tips |
|
Easter Eggs |
|
Hardware |
|
DVD |
|
|
|
|
|
|
|
Latest Reviews |
|
Applications |
|
Microsoft Windows XP Professional |
|
Norton SystemWorks 2002 |
|
|
|
Hardware |
|
Intel Personal Audio Player 3000 |
|
Microsoft Wireless IntelliMouse Explorer |
|
|
|
|
|
|
|
Site News/Info |
|
About This Site |
|
Affiliates |
|
ANet Forums |
|
Contact Us |
|
Default Home Page |
|
Link To Us |
|
Links |
|
Member Pages |
|
Site Search |
|
Awards |
|
|
|
|
|
|
|
Credits |
 |
Vista SP1 will contain undocumented fixes | |
|
||
| Time: 00:03 EST/05:03 GMT | News Source: ZDNet | Posted By: Kenneth van Surksum | ||
|
Interesting email in today mailbag: “Will SP1 contain undisclosed or undocumented security fixes?” For some people, counting the number of security flaws that one OS has compared to another is important because it offers a metric upon which to determine which OS is the most secure (personally, I feel that it’s a bogus metric, but I’ll let it slide for now). However, many claim that Microsoft stacks the deck in its favor by not disclosing a full list of vulnerabilities that have been patched by omitting to include those discovered and patched in-house. | ||
|
Write Comment
Return to News |
Displaying 1 through 25 of 311 Last | Next |
The time now is
8:23:27 AM
ET.
Any comment problems? E-mail us |
| #1 By 37047 (99.241.35.182) at 2/6/2008 7:08:52 AM |
|
Gee, you think? Can anyone name a piece of software that doesn't have undocumented or undisclosed fixes? Can any developer here honestly say that they have never fixed a bug they found while working on their own code without first writing up a detailed bug report? Of course not. We all do it. I work in a small, close knit development shop, and we often fix things we find along the way, without necessarily documenting it in a formal way. Microsoft, with their vast number of coders, would be even worse for this. It just happens.
On a side note, I agree with the author that counting numbers of publicly disclosed bugs fixed is a horrible way to judge the security of a piece of software, without having all the other relevant information, which is almost impossible to get. We (the IT industry) need to come up with a better way to determine things like relative secureness of software. The current methods don't work well. |
| #2 By 6175 (164.223.72.5) at 2/6/2008 12:59:01 PM |
|
The guy who wrote the article understands nothing about the SDL, if he did, he would know that it is a learning process to do things better, not a cure all.
With every vulnerability found, there is a different attack vector learned to write better code. Microsoft has dissected and learned about each of the vulnerabilities found since the release and SP1 and learned from them. They have incorporated these "vectors" into the SDL process and has re-reviewed the code to make changes. His logic is flawed because while they have made "un-documented" changes in the code, there may not be any specific vulnerability addressed. They have just provided better code. Will there still be flaws? Absolutely, but with each vulnerability found, the SDL is improved for the next release. This is a good thing, not a bad thing. Being proactive, however, is also good for security. People who run machines without anti-virus, common sense, or a firewall have no place to complain about being hacked. |
|
Write Comment
Return to News |
Displaying 1 through 25 of 311 Last | Next |
The time now is
8:23:27 AM
ET.
Any comment problems? E-mail us |
