[Info-vax] BridgeWorks

[Simon Clubley]

On 2024-07-22, Dave Froble <davef at tsoft-inc.com> wrote:
>
> I would not consider SSL, TLS, MD5, Sha-1, and such applications.  They are more 
> environment protection, the way I see it.  And you are correct, some no longer 
> protect the environment for the real apps.
>
> Please explain to me how an application, for example an inventory application 
> that tracks on hand product, would ever be involved in security?  It is the 
> environment that must provide the security, and the apps the actual work. 
> Things get a bit grey when an application communicates outside the environment, 
> but even then, it is the available security that is used, not the apps.
>
> So, your comments are not relevant to whether or not the apps written in say VB6 
> need support, at least from a security perspective.
>

Actually, they very well could be.

One simple example would be that a new form of injection attack is
discovered and it is discovered the old applications do not handle
it correctly. In addition, and making the problem far worse, the
problem may not be in the application code itself, but in one of
the language libraries that the application uses.

Simon.

-- 
Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
Walking destinations on a map are further away than they appear.