[thelist] closed source securtiy was: DB Security

Ryan Finley RyanF at SonicFoundry.com
Thu May 3 17:27:16 CDT 2001


<<
Granted, there is no security with a lazy/stupid sys admin. Sure MS
products(and I'm not just picking on them here, I'm saying almost *any*
closed source application, ms was just my example thakns to the exploit)
can be secure. Anything *can* be secure.. The thing is though, shouldn't
your software be *inherently* secure? Especially software that can make
or break a business?
>>

I agree that software should be inherently secure...I don't understand why
Microsoft needs a security checklist...why don't they make the security
checklist the default.

However, let's imagine a car analogy: Wearing your seatbelt takes two
seconds...why don't people do it!  Don't maintain your brakes...it's not
Ford's fault when you crash into a tree.

Crappy tires on your SUV get recalled...they issue a recall.
Crappy code in your webserver gets exposed...they issue a patch.

People only fix one of the above...Guess which?

	Ryan




More information about the thelist mailing list