> -----Original Message----- > From: Oliver Lavery [mailto:oliver.lavery@sympatico.ca] > Sent: Tuesday, March 30, 2004 1:11 PM > To: bugtraq@securityfocus.com > Subject: Followup: vuln in WinBlox monitor for winnt <snip> > > That's it. No pissing competition. Liu's onto something > very good > here, but as anyone who installs MS patches will tell ya, > you've got to see > the full implications of a fix before you choose to apply it. > Until this > thing gets rewritten properly, and follows even the most > basic principals of > secure coding, it'll cause more problems than it fixes, in my opinion. > > I firmly believe that these sorts of tricks have tonnes > of potential > and are going to become even more common in the future of the > "so called > security community" tho' ;) <snip> Honestly, most [95%+-] "beta" or "alpha" programs do "cause more problems then they fix". Liu Die Yu is relatively new at development, but he is relatively new at finding bugs -- and he has succeeded substantially at that. I do not doubt that he will succeed substantially at this. And, all of this is yet another great reason to immediately put code opensource at an excellent hosting spot like sourceforge... even from the design phase, but especially from the alpha release stage. Then you have the ability to have others to help out... and you have such neat, modern resources such as bug databases and submission forms. I do not think Liu Die Yu will take half a year or more to fix his bugs.
