Replies

No pain here. Every program has potential exploits that are revealed. With open source software such exploits are fixed very quickly.

In Microsoft's case when exploits are revealed they tend to go unpatched for months, sometimes a year, or until the next service pack is released. I'm sure as we speak there are IE and Windows exploits out there that MS knows about, and we don't.

I'm sure as we speak there are IE and Windows exploits out there that MS knows about, and we don't.

I'm sure you are right... because applying software patches is a liability as well. There is always the possibility of things breaking when a patch is applied. Thus, if it is a minor vulnerability, one not likely to see a real world variant, it would be irresponsible for MS to announce it publicly.

Why? Because 1. the patch could cause downtime for costumer's. 2. some computers will not be patched, but announcing the vulnerability means that a real world example will surface.

The same thing happens with open-source programs. There a still plenty of people running out of date software with known vulnerabilities. I have seen people scan for and compromise old red hat system in a very short amount of time. I'm not blaming OSS developers for those shortcomings, it is clearly the fault of the individual with the unpatched box, but yes, it can and does happen.

In Microsoft's case when exploits are revealed they tend to go unpatched for months, sometimes a year, or until the next service pack is released.

Here you are way off base. MS releases lots of patches outside of service packs.

-paridel