On Thu, Jan 21, 2010 at 11:22 AM, Christian Sciberras <uuf6...@gmail.com> wrote: > People are unreasonable, first they complain about > lack of quick patches/fixes. Next they complain about > fixes crashing their system. You're right - Corporate America needs to find more folks willing to accept unpatched software that crashes their system. Its hard to justify big bonuses when a company is run into the ground (wait - no its not. Disregard.)
> On Thu, Jan 21, 2010 at 5:12 PM, Dan Kaminsky <d...@doxpara.com> wrote: >> >> On Thu, Jan 21, 2010 at 1:53 AM, Michal Zalewski <lcam...@coredump.cx> >> wrote: >> >> Testing takes time. That's why both Microsoft and Mozilla test. >> > >> > Testing almost never legitimately takes months or years, unless the >> > process is severely broken; contrary to the popular claims, >> > personally, I have serious doubts that QA is a major bottleneck when >> > it comes to security response - certainly not as often as portrayed. >> >> There are a lot of factors that go into how long it takes to run QA. >> Here's a few (I'll leave out the joys of multivendor for now): >> >> [SNIP] _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/