At 2:08 PM -0500 2/26/04, Bill Cheswick wrote:
>Bill Gates gave a keynote on their current approach to security, and
>the contents of SP2, due out 1H 2004. From what I heard, Bill
>"gets it." He addressed about 4 of my top 6 complaints and remediations.
>Quite a change from the rhetoric of five y
While I'm not there and not keeping up with it, I haven't really heard
much about Gates' keynote - I'm curious what exactly your top 6 complaints
are?
I think overall security-wise with Windows my top one is that it's so
over-integrated and that it
Back in the late 1980s, Apollo Computer (later bought by HP) had an
OS called Aegis. It had, as I recall, 21 different specifiers, plus
inheritance, and they changed meaning for files and directories. It
was everything you could think of.
OTOH, the resulting security was awful. We had their sy
Glenn and Mary Everhart [EMAIL PROTECTED] wrote:
>Same might be true for good old Multics if it can be compiled on
>newer iron. (I didn't get close enough to it to know what it was
>written in. Maybe someone will comment.)
Hi all,
Multics was written in PL-1 and some assembler. See the following
http://www.dean.usma.edu/socs/ir/ss478/General%20Gordon%20Bio.pdf
What John Gordon is doing giving a keynote at the RSA conference is utterly
and completely beyond my ability to comprehend. If you read his bio at the
link above, you'll find he has absolutely zero background in software or
compute
On Thu February 26 2004 19:32, Mark Curphey quoted:
> According to Gordon, if developers could reduce the error and
> vulnerability rate by a factor of 10, it would "probably eliminate
> something like 90 percent of the current security threats and
> vulnerabilities."
This factoid brought to y
William Herrera wrote:
I think some here might have suggestions about improvements to existing
ACLs.
I'm working on an extensible access-control-list style authorization
system, beyond the usual read/write authorization schemes, probably to
be written as a Perl module for CGI use and using a d
It will mostly just assure that most critical vulnerability info is
never passed to Homeland Security. Vulnerability research mostly comes
from grey hats, and they mostly hate giving that info to people who
hoard it. This exact same reason is why CERT stopped being a useful
source of security i