On Tue, 2010-05-11 at 20:23 +0300, Elazar Leibovich wrote: > Why do you think that MS believe in security by obscurity? I believe > that security problems in MS products are generally speaking being > released to the wild. > Why I think MS products has better chance to be secure than your local > Joe Software shop, because they're having strict policies which are > supposed to enforce that: > 1) The SDL development process, which includes fuzz testing the > software specifically against security breaches. Every MS software > must undergo that. Do regular software you use do? > 2) Cryptography awareness. Every product which uses crypto must be > authorized by a specialized crypto group. Crypto is a thing which is > easy to create and hard to verify. Is Winzip encryption algorithm > being reviewed by crypto expert? I'd rather know that the software I > use had a strong peer review. > Correct me if I'm wrong, but this two processes are hardly seen in > other places of the software industry.
... I doubt that any of the above has anything to do with the points I raised in my previous post, but never-mind, lets agree no to agree. - Gilboa _______________________________________________ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
