> I am really surprised by these attitudes. Guys (and gals), these > incidents simply go to reinforce that the software we depend on, has > not received sufficient testing and that we all have gigantic > exposures due to things outside of our direct control
nice anti-vendor rant. but over the last decades we the ops have asked for a jillion features which creates massive code, and there is no hope of testing all the code paths rigorously. the vendors have large test labs, and do what they can. sure, they could do better. so could we all. but it is also coders' responsibility, whether vendors or researchers or hackers, to also test what they send. in this case, clearly that was not done sufficiently. if i am sloppy in my receiving code, the pain is mine. if you are sloppy in your sending code, the pain is not yours. randy