On Thu, 2009-01-08 at 23:28 +0000, Nathan Rixham wrote: > Skip Evans wrote: > > Ashley Sheridan wrote: > >>> think about it for a minute; an OS can either be secure (0 > >>> vulnerabilities) or insecure (1 or more vulnerabilities); as all OS's > >>> have 1 or more vulnerabilities they are all equally insecure; because > >>> they are all insecure. > >>> > > > > What you are saying, in real world terms, not your Binaryland, is that > > if OS A has 2 vulnerabilities that not many people now about, and OS B > > has a whole slew of the posted all over the web that they are both > > equally insecure. > > exactly; they are both insecure, one is not "more insecure" or > "insecurer" - if you make a web app it's either secure or insecure; if > you make an operating system it is secure or insecure. On the flip side > as an OS owner, a single barely known vulnerability is just as much a > worry as 100 well known vulnerabilities. No, this is not a proper comparison. If I have an insecure web app that alllows someone to see another user's real name, and another insecure web app that allows execution of root commands... then I have differing levels of insecurity. Thank you, please try again. Cheers, Rob. -- http://www.interjinn.com Application and Templating Framework for PHP -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
