Is Finding Security Holes a Good Idea?
ekr writes "A lot of effort goes into finding vulnerabilities in software, but there's no real evidence that it actually improves security. I've been trying to study this problem and the results (pdf) aren't very encouraging. It doesn't look like we're making much of a dent in the overall number of vulnerabilities in the software we use. The paper was presented at the Workshop on Economics and Information Security 2004 and the slides can be found here (pdf)."
Looks like (Score:0, Funny)
/me ducks and runs
High-larious (Score:2, Funny)
New Study (Score:1, Funny)
Re:High-larious (Score:2, Funny)
Maybe one of the olde-tymers can help us here.....
Security guy? (Score:5, Funny)
Really. I didn't make that up, check the link! Who is this guy, and why is he giving me software security advice?!
Re:It helps admins (Score:2, Funny)
Thcs m.ssage wrikken fsing tje Dvorat teyboare payouk.
Interesting sig. First one assumes that the message translates to "This message written using the Dvorak keyboard layout." However, the 'E' correctly used at the end of the word assumed to be 'the' and in the beginning of the word 'keyboard' is also used at the end of that word supposedly representing the 'D' letter. The period in the middle of the word assumed to be 'message' translates to 'E'; however, we can see that natural occurrences of the 'E' character appear elsewhere and the period also appears at the end of a sentence correctly. From this I can draw one of two conclusions:
Re:If that happens (Score:3, Funny)
Security through obscurity doesn't work unless the (secure) thing is obscure?
Re:Not necessarily (Score:4, Funny)
IIRC the hotfix for the offensive characters (some font had a swastika or something like that) was listed with the "critical" updates on Windows Update. Maybe I'm remembering wrong though.
Re:we need no bugs from the start (Score:3, Funny)
Re:Fixing vulnerabilities is GOOD! (Score:3, Funny)
Neo: What exploit?
[Neo turns Oracle's computer and instantly pop-up ads start appearing on the Oracle's desktop]
Oracle: That exploit.
Neo: I'm sorry--
Oracle: I said don't worry about it. I'll get one of my kids to write a patch for it.
Neo: How did you know?
Oracle: Ohh, what's really going to bake your noodle later on is, would anyone have created that virus if I hadn't have told them about the exploit?