On Mon, 15 May 2017, Brad Knowles wrote:
> If Microsoft didn't open the security hole in the first place, then there wouldn't be a need to patch it afterwards.
You are very correct. Microsoft opened the hole because they had nothing better to do. Or, could it be that these things happen, akin to a car having to perform a recall? I am sure (with the exception of Volkswagen's clusterf^W) no vendor in any vertical wants to put out subpar products (call me a dreamer.)
> Of course, there will always be patches that need to be applied, and people do have to decide what is a sane patching process. But if a patch can be completely avoided because they were more careful and rigorous in their development to begin with, then as a whole the world would be better off.
Rigorous in development means little. Go pick an RFC and you will find that over time, even the foundations have at some point or another been broken/circumvented. I have a mental running joke "Blame Paul Vixie!!!" (Sorry Paul :)) When the world lost their ability to use common sense, anything related to DNS became a blame Paul for writing BIND. No... Old saying: "Any time you point the finger, remember, there are more of your fingers pointing back at you." Organizations do perform testing, and some don't. Just because some don't does not mean the industry as a whole won't, or doesn't do it. The fact MS went out of their way to make patches for systems they SPECIFICALLY stated they would not support anymore gives them kudos across the board.
> An ounce of prevention on their part would prevent a pound of cure having to be applied by everyone else in the world.
With 20/20 vision, should that mean I should be expected to see someone throwing a 100MPH fastball at me from my back? Would my pound of cure be ESP for seeing the future?
> But then Microsoft couldn't extract their value from selling that pound of cure, so that would be another problem.
Sorry to tell you this, that comment makes little sense. I didn't know Microsoft sold that pound of cure (patch).
> Not everyone licks their chops and thinks "fresh meat" when they see worldwide panic that results from a massive security hole like this.
Jump in the security space, where we may gladly trade our cats and dogs for Porsche Panameras
> Some of us just want to get regular work done.
And some of us find that life goes on. This is no different than Nimda, and other minor fiascos that occur every once in a while. With the exception of Morris. No one, not even the worms in the dirt like him.
--
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM
"Where ignorance is our master, there is no possibility of real peace" - Dalai Lama
0B23 595C F07C 6092 8AEB 074B FC83 7AF5 9D8A 4463
https://pgp.mit.edu/pks/lookup?op=get&search=0xFC837AF59D8A4463