> Microsoft response: Shrug, oh wait a minute does this vulnerability effect > our bottom line? > > OSS community response: We're on it, a fix will be available asap.
Testing takes time. That's why both Microsoft and Mozilla test. A fix being *available* and a fix being *deployable* are not at all the same things. "Just pull the latest build from SVN" is rather noticeably not an option. > "Any complicated and evolving piece of software will have security > vulnerabilities all the time." Quoted for truth. More accurate: "Any complicated piece of software on an active attack surface will have software vulnerabilities found." There's a lot of projects that stopped evolving, but still have hidden vulns. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
