Slow Down the Security Patch Cycle?

Ant writes "Computerworld has an editorial article about slowing down, not speeding up, patch releases."

The goal of this author

[Ice+Station+Zebra]

Is to create questions in the CIO's head about open source and software updates in an attempt to make open source look bad. Remember it was just a little while ago that Bill Gates told all the crackers the only security holes they found were from reading security patches.

Re:in related news

[MrRuslan]

That is not news...thats common knowledge...cmon it's microsoft for god sakes...

Buffer overflows. Why?

[Pig+Hogger]

From the article:

By far, the most common type of exploit is the buffer overflow, and software vendors are spending millions of dollars to find and prevent these types of vulnerabilities. These vulnerabilities still exist -- they are getting fewer in number, however, and finding them is now much more difficult. Part of my consulting practice to software vendors and their major customers is finding and reporting these types of vulnerabilities. Where I used to be able to do the "find vulnerabilities blindfolded with one arm tied behind my back" routine, I now actually have to work to find them in major software products.

Why use a primitive language (C, C++) that is nothing but a glorified assembler that likes to pretend it is a high-level language to write apps? Granted, there is muchos macho appeal to work in C, but if the resulting code is buggy like a chickenwire collander, what good it is to be a jock coder? (I am **NOT** impressed by clever code - and this comes from someone who worked a long time with Forth).

There are far better choices than C* to code programs; there is no excuse to write programs that offer buffer overflows for all to rape.