flat assembler
Message board for the users of flat assembler.

Why security problems take so long to be patched

LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4633
Location: Argentina
Look, for example, at http://seclists.org/fulldisclosure/2008/Sep/0160.html
Quote:
VI. VENDOR RESPONSE

Microsoft has officially addressed this vulnerability with Security
Bulletin MS08-052. For more information, consult their bulletin at the
following URL.

http://www.microsoft.com/technet/security/bulletin/ms08-052.mspx

VII. CVE INFORMATION

The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CVE-2007-5348 to this issue. This is a candidate for inclusion in
the CVE list (http://cve.mitre.org/), which standardizes names for
security problems.

VIII. DISCLOSURE TIMELINE

05/09/2007 Initial vendor notification
05/09/2007 Initial vendor response
09/09/2008 Coordinated public disclosure


This is not the first time I've seen these huge gaps between vendor notification and public disclosure; this is just the example that made me ask here :P
Post 10 Sep 2008, 02:37
bitRAKE



Joined: 21 Jul 2003
Posts: 2911
Location: [RSP+8*5]
One word: politics. Pray you never work for a company where you are a number - just a gear on a do-hickey to a thing-a-ma jig in a whatchamacallit of a larger money machine. Know your boss personally, and if you can talk to the owner of the company semi-regularly then you're in the right place. Any larger and a company is too big, imho.

Not that MS is as bad as say EDS.

_________________
¯\(°_o)/¯ unlicense.org
Post 10 Sep 2008, 03:47
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17267
Location: In your JS exploiting you and your system
I expect the reason is money. It costs time and effort to fix problems and the return for that effort is zero. It gets fixed when the level of public pressure and embarrassment reaches a high enough level that the company is forced to patch it up to make themselves look good.
Post 10 Sep 2008, 04:10
bitRAKE



Joined: 21 Jul 2003
Posts: 2911
Location: [RSP+8*5]
A large company is like a large turd in the intestines - moves slow and doesn't change directions too easily. :lol:
(Oh, and the cost - don't get some hot air behind it!)

_________________
¯\(°_o)/¯ unlicense.org
Post 10 Sep 2008, 06:14

Copyright © 1999-2020, Tomasz Grysztar.
