On Jun 14, 2011, at 5:08 PM, Dave Aitel wrote: > And you find yourself asking: Now how can that possibly be the case?
$2 billion (or whatever) spent on software security? As you know, it doesn't mean that they are not there, just that Microsoft has made the ROI for vulnerability researchers too small to justify spending an increasing amount of time on finding vulnerabilities. Although, I could have sworn there was a remote on a security appliance or two in the past two years. Of course, I think you need to expand your definition of remote these days. How is social engineering + client exploit not greater than or equal to a remote server vulnerability from a functional level? The former gets you inside the firewall, the latter -- not necessarily. -R
_______________________________________________ Dailydave mailing list [email protected] https://lists.immunityinc.com/mailman/listinfo/dailydave
