[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerabi lity

To: full-disclosure@lists.netsys.com
Subject: RE: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerabi lity
From: David Vincent <david.vincent@mightyoaks.com>
Date: Wed, 10 Dec 2003 15:53:48 -0800

>   To be fair, do you really think that fixing all currently known, but
> still unfixed bugs would cost millions of dollars?
> 
>   Does hiring people like Lyu Die Lu costs millions of dollars?

because you can find the bugs does not mean you can fix the bugs or solve
the engineering problems which created them in the first place.

>   Internet Explorer is a special case. It just sounds as if Microsoft
> doesn't want to maintain the product any more since the very 
> first version
> of IE 6. As if some day, Bill said "ok, let's freeze everything. Stop
> working on IE, just take the current state of the CVS tree and it will
> remain the same during 10 years".

wouldn't that be sourcesafe, not cvs?  ;P

cheers

-d

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Prev by Date: [Full-Disclosure] A new TCP/IP blind data injection technique?
Next by Date: [Full-Disclosure] Re: A new TCP/IP blind data injection technique?
Previous by thread: [Full-Disclosure] Breaking the checksum (a new TCP/IP blind data injection technique)
Next by thread: RE: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerabi lity
Index(es):
- Date
- Thread