Nope! gem
-----Original Message----- From: Gadi Evron [mailto:[EMAIL PROTECTED] Sent: Thu Feb 09 09:50:21 2006 To: sc-l@securecoding.org Subject: [SC-L] it's not a bug, it's a feature! Okay, if we are so keen to make distinctions, how about this one? In the recent WMF 0day, it was indeed a feature. But it was a security vulnerability non-the-less. PR-ing it as a feature was indeed, PR. Cisco released a security advisory, advising that a default root password is a "vulnerability" rather than a built-in feature. :) It seems that people often enjoy making the distinction for putting the right spin on things. Myself, I like this quote: "Any sufficiently advanced bug is indistinguishable from a feature". A spin on Arthur C. Clarke's 3rd law. I learned just a few months ago (last year :) ) that it was coined 20 years ago by someone many of us know: Rich Kulawiec. What is your take on this, should this be a huge argument as well? :) Gadi. _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php ---------------------------------------------------------------------------- This electronic message transmission contains information that may be confidential or privileged. The information contained herein is intended solely for the recipient and use by any other party is not authorized. If you are not the intended recipient (or otherwise authorized to receive this message by the intended recipient), any disclosure, copying, distribution or use of the contents of the information is prohibited. If you have received this electronic message transmission in error, please contact the sender by reply email and delete all copies of this message. Cigital, Inc. accepts no responsibility for any loss or damage resulting directly or indirectly from the use of this email or its contents. Thank You. ---------------------------------------------------------------------------- _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php
