200 days to fix a broken Windows | TalkBack on ZDNet

On The Insider: Britney's Bikini-Clad Top 10

BNET Business Network:: BNET; TechRepublic; ZDNet

TalkBack 6 of 81:: Next »; « Previous

Thread View
Flat View

Why don't we look at what MS identified as the problem: "And your programming expertise, which drives you to
decide that 200 days is too long to investigate, write,
debug, test, re-write where required, re-test, etc., would be
what...?"

From the MS security bulletin (MS04-007) for the patch:

"What causes the vulnerability?
The vulnerability is caused by an unchecked buffer in the
Microsoft ASN.1 Library. If exploited, an attacker could gain
system privileges on an affected system."

What effect should adding code to test for a buffer overflow
have on any other part of the system? Closing this
vulnerability should only effect code which relied on the
unchecked buffer condition to execute correctly. Maybe this
is why it took so long to patch;-)

Slapmaxwell, you don't find 200 days to fix this a little
excessive?

If it takes 200 days to close one unchecked buffer in
windows, then it's officially a piece of rubbish.; Posted by: Richard Flude Posted on: 02/13/04 You are currently: a Guest | Members login | Terms of Use

Reply to Story Reply to Message

Alert moderator to an offensive message

Subscribe to this discussion via Email or RSS

200 days unacceptable d_jedi | 02/13/04

Yeah? slapmaxwell | 02/13/04

since when? stephen732@... | 02/13/04

Since slapmaxwell | 02/13/04

Re: Yeah d_jedi | 02/13/04

Why don't we look at what MS identified as the problem Richard Flude | 02/13/04

Yes, 50 billion in the bank, and this is the best they could do?? DonnieBoy | 02/13/04

trendsetting ? guido_z | 02/13/04

Time contsraints dscherf | 02/13/04

Re: time constraints d_jedi | 02/13/04

I mostly agree with you dscherf | 02/13/04

Why this? Mack DaNife | 02/13/04

why compare? stephen732@... | 02/13/04

Re: Why compare? Mack DaNife | 02/13/04

would you compare m$ to the republicans? middle of nowhere | 02/13/04

political parties stephen732@... | 02/13/04

how is quality defined in redmond? stephen732@... | 02/13/04

Quality guido_z | 02/13/04

If it's making money, it's Quality! gath | 02/13/04

How is quality defined, period? | 02/13/04

I'll take bets on that "forever" IT_User | 02/13/04

OS X stephen732@... | 02/13/04

I agree richdave | 10/09/04

gnu/linux guido_z | 02/13/04

Actually michael-t | 02/13/04

You are missing the point... Mike Cox | 02/13/04

Back in form Mack DaNife | 02/13/04

Bloatware Chris Moller | 02/13/04

Fixin winders??? James Schroer | 02/13/04

Mr. Cox....Do you have a website?.... el1jones | 02/13/04

cox site bway al | 02/13/04

Try this IT_User | 02/13/04

Well why didn't you say anything Mr. Cox? James Schroer | 02/13/04

integration BarbarianHorde | 02/13/04

mmmm goood James Schroer | 02/13/04

linux kernel guido_z | 02/13/04

Guido and Mike Cox crocd | 02/13/04

He did once Michael Kelly | 02/13/04

Don't have to... Mike Cox | 02/13/04

Please do me a favor Michael Kelly | 02/13/04

Integration is important to users jfrankcarr | 02/13/04

MS does NOT do integration Mack DaNife | 02/13/04

Welded design? Mike Cox | 02/13/04

Modular is bad? IT_User | 02/13/04

Modular design Chris Moller | 02/13/04

Over do I'll agree with jfrankcarr | 02/13/04

Simple integration isn't the issue. Michael Kelly | 02/13/04

Don't think anybody would disagree IT_User | 02/13/04

Excellent explanation, IT_User BarbarianHorde | 02/13/04

you are correct JWatson77 | 02/13/04

yes but... ryusen | 02/13/04

BLOATED???????????? Drgnslider | 02/13/04

Mike Cox - FUDmeister, strikes again mwgary | 02/14/04

Is this the same "Mike Cox" ? doug_mentohl@... | 02/14/04

Cause may be conflict of $ales interest KeithRisler | 02/13/04

flawed analogy bway al | 02/13/04

Didn't MS just brag how much quicker they fix stuff? Xunil_Sierutuf | 02/13/04

Stupid friend | 02/13/04

Yeah Richard Flude | 02/13/04

Hmmm John Carroll

| 02/13/04

Delegation of shame. Chris Moller | 02/13/04

So John, say something, tell us you think this was a brilliant MS move. DonnieBoy | 02/13/04

Are you missing the point John? Tim Patterson | 02/13/04

Carroll hits nail squarely on head.. Mike Cox | 02/13/04

Wrong nail IT_User | 02/13/04

Hmmm Update victim | 02/13/04

hahahahaha JWatson77 | 02/13/04

please tell me that was a joke... ryusen | 02/13/04

A few scenarios spring to mind jfrankcarr | 02/13/04

or it was outsorced Hanover Phist | 02/13/04

options... guido_z | 02/13/04

response ryusen | 02/13/04

They Spent More Time Manipulating Their Bookkeeping. brenthawkinsmd | 02/13/04

They say Microsoft can "turn on a dime" George Jay | 02/13/04

If it takes 200 days to release a patch ... George Jay | 02/13/04

It isn't the total number of bugs... IT_User | 02/13/04

Maybe the windows source code was stolen because of this flaw (NT) K B | 02/13/04

Hate it when companies are slow to respond FilledOut | 02/13/04

Procedural Collapse michael-t | 02/13/04

This reminds me of... DragonBRockin | 02/13/04

Windows Works --- Linux is full of bugs that can't be fixed FACT!!! idnew2005@... | 02/16/04

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

Virtualization: Architectural Considerations And Other Evaluation Criteria VMware Of the many approaches to x86 systems virtualization available in the ... Download Now
The Impact of Virtualization Software on Operating Environments VMware Today's use of virtualization technology allows IT professionals to ... Download Now
Why Isn't Server Virtualization Saving Us More? A Few Small Changes May Dramatically Increase Your Efficiency VMware Companies have rapidly adopted server virtualization over the past few ... Download Now

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors

Popular Sanity Saver Videos

Blogs

Product Reviews

Videos

White Papers and Webcasts

Downloads

More