On Tue, Oct 30, 2012 at 5:03 AM, Ben Laurie <[email protected]> wrote: > On Mon, Oct 29, 2012 at 10:34 PM, Jeffrey Walton <[email protected]> wrote: >> On Fri, Oct 26, 2012 at 2:29 PM, John Case <[email protected]> wrote: >>> >>> [SNIP] > > Apparently you think the best way to get a secure platform is to apply > pressure through pointless security standards. I'd suggest your > efforts might be better spent supplying patches instead. Or, y'know, > talking to the authors of the s/w in question. You never know, they > might care. I'm not sure I agree some defenses are pointless. For example, attackers are very clever at building exploits such as ROP gadgets. ASLR and DEP are two of the better defenses we have in this case when a program failed its initial mission of no bugs. I'm not convinced a second line of defense is pointless. And I am aware of userland and kernel leaking addresses at times - I'm just not willing to throw the baby out with the bath water.
Jeff _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
