On Wednesday 29 December 2004 23:39, Randall R Schulz wrote:
SSP offers protection against vulnerabilites that may not have been discovered yet and IMHO this is anything but shitty.
Er, a vulnerablility that hasn't been discovered isn't a danger to anyone and doesn't need protecting against! I'm not sure what you mean to say here.
That certainly does not follow. Black hats can discover vulnerabilities, and I doubt they'd report them to CERT or another risk tracking and reporting authority.
Um, but when a blackhat discovers it it's no longer undiscovered! My point wasn't about the theoretical semantics of when a vulnerability actually becomes a danger (obvious answer: when someone finds it) but that I thought the OP was trying to raise a different point.