> But once the product ships they stop looking.

Rubbish. I have worked there and seen that they do continual vuln assessment throughout a product's lifetime. [well, for the products I worked on. (Office 2k3 & 2k7)]

They just don't beat their chest when they patch [they do it silently and push it out with the disclosed vulns] - reverse a few patches and see how many issues are fixed.

You seem to often think how it is then state that it is like that - as a fact. It really annoys me. How do you know what MS does and doesn't do?

On 27 March 2010 12:58, Larry Seltzer <[email protected]> wrote:
> I wrote about this myself a little while ago:
> http://blogs.pcmag.com/securitywatch/2009/12/does_microsoft_look_for_vulner.php
>
> Microsoft puts a lot of effort into security research for products under
> development. But once the product ships they stop looking. Alex Sotirov
> pointed out that Microsoft's customers, by paying iDefense and
> TippingPoint and the like, end up paying for research Microsoft should
> be doing. Perhaps Microsoft is also a customer of these companies, I
> don't know.
>
> LJS
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]]
> On Behalf Of Juha-Matti Laurio
> Sent: Saturday, March 27, 2010 7:24 AM
> To: [email protected]
> Subject: [funsec] Miller, Pwn2Own's winner tells Apple, Microsoft to
> find their own bugs
>
> http://www.computerworld.com/s/article/9174120/Pwn2Own_winner_tells_Apple_Microsoft_to_find_their_own_bugs
>
> "The only researcher to "three-peat" at the Pwn2Own hacking contest said
> today that security is
> such a "broken record" that he won't hand over 20 vulnerabilities he's
> found in Apple's,
> Adobe's and Microsoft's software.
>
> Instead Charlie Miller will show the vendors how to find the bugs
> themselves.
>
> Miller, who yesterday exploited Safari on a MacBook Pro notebook running
> Snow Leopard to win $10,000 in the hacking challenge,
> said he's tired of the lack of progress in security. "We find a bug,
> they patch it," said Miller.
> "We find another bug, they patch it. That doesn't improve the security
> of the product."
>
> Juha-Matti
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.
