"This is essentially how Microsoft hacked ISO. Now that the flaw has been demonstrated, any large international corporation with sufficient funds and interest can exploit it as well. So long as the rules remain as they are, ISO is vulnerable. ISO defends this criticism by pointing out what good work they've done in the past, and how they rarely have problems of this kind before. But this shows little appreciation for the nature of the problem which have been demonstrated. It is like arguing that a newly discovered (though long latent) security flaw in an operating system is insignificant because you've never had an attack before now. Of course, this misses the point entirely. Once the vulnerability is known and publicly exploited, you're living on borrowed time until you can secure the system. Today ISO is living on borrowed time and is very close to becoming a Microsoft-infested zombie committee."
http://www.robweir.com/blog/2009/10/final-ooxml-update-part-i.html
No comments:
Post a Comment