On Sun, Jan 26, 2003 at 06:56:48PM +0000, Paul Vixie wrote:
> in fairness to microsoft, there have been worms based on apache and bind and popper and fingerd (buffer overruns) and even sendmail (wizard password) so the wide scale code review one gets from open source software engineering is only a marginal solution to monocultural weakness vectors.

i wasn't pointing at microsoft

i was pointing out that leaving software completely exposed when it need not be is potentially problematic

perhaps[1] this is worse for software which is used mostly for local connections (i.e. LAN, internal network, etc.) such as SQL servers as opposed to software which is designed and/or required to accept connections from all over such as a web-server or MTA

--cw

[1] where often a higher degree of paranoia exists in the programmer's mind and also the likelihood of widespread problems being reported appears to be greater