[Owasp-dotnet] Re: [Dailydave] Re: Hacking: As American as Apple Cider
Dustin D. Trammell
dtrammell at sipera.com
Tue Sep 13 13:30:54 EDT 2005
On Mon, 2005-09-12 at 01:16 +0100, Dinis Cruz wrote:
> E) "Create tools (and services) that help in the creating of secure
> run-time environments (with Default-Deny and Enumerating goodness)".
> With today's complex systems we need help to process the information and
> to simplify that complexity. For example a tool that would remove from
> Windows all files that are not required to execute a particular function
> (if a server is only acting as a web server why does it need to have all
> the other functionality in there?)
The closest thing I've seen to this (for Windows) would be XPY:
http://xpy.whyeye.org/
> F) "Slow down the creation of new products/features/functionality and
> focus on getting the ones that we have right" - What we need today is to
> have a secure, reliable, robust, non-exploitable and
> 'no-patches-required' version of what we have today. We don't need a new
> complex system which will bring more vulnerabilities and which nobody will
> really understand (when we already have solutions today that we almost
> understand)
Try telling that to anyone who works in sales/marketing, and you'll find
that while that may be what we need today, what we needed YESTERDAY was
the new bell/whistle/widget. And guess what department brings in the
revenue? Yea.
--
Dustin D. Trammell
Vulnerability Researcher
Sipera Systems Inc. http://www.sipera.com