- From: Jeffrey Walton <noloader@gmail.com>
- Date: Sun, 11 Oct 2015 19:33:41 -0400
- To: Harry Halpin <hhalpin@w3.org>
- Cc: "public-web-security@w3.org" <public-web-security@w3.org>
> I agree we should be respectful of other people's point of view. > Nonetheless, it is hard to understand how people can simply be wrong about > the basics again and again. For example, expecting older browsers or > operating systems to support standards made since their release seems a bit > backwards. In general, upgrades fix security holes as well. There are two different concepts here. The first is bug and security fixes; and second is feature enhancements. Companies like Apple and Microsoft sell their software and hardware, so they have an obligation to fix their defective products. In some jurisdictions, it may be a legal requirement. > There are excellent free online courses and text-books that go over this > stuff very well. I highly suggest, for example, Ross Anderson's textbook: > > http://www.cl.cam.ac.uk/~rja14/book.html Peter Gutmann has a very good practical book, too: https://www.cs.auckland.ac.nz/~pgut001/pubs/book.pdf. I've read both, and I don't recall either claiming its OK to ship software, leave it unpatched and then abandon it (like Apple and Microsoft does). Jeff
Received on Sunday, 11 October 2015 23:34:09 UTC