Re: BridgeWorks

On 7/22/2024 1:47 PM, Simon Clubley wrote:

On 2024-07-22, Dave Froble <davef@tsoft-inc.com> wrote:

>
I would not consider SSL, TLS, MD5, Sha-1, and such applications.  They are more
environment protection, the way I see it.  And you are correct, some no longer
protect the environment for the real apps.
>
Please explain to me how an application, for example an inventory application
that tracks on hand product, would ever be involved in security?  It is the
environment that must provide the security, and the apps the actual work.
Things get a bit grey when an application communicates outside the environment,
but even then, it is the available security that is used, not the apps.
>
So, your comments are not relevant to whether or not the apps written in say VB6
need support, at least from a security perspective.
>

>
Actually, they very well could be.
>
One simple example would be that a new form of injection attack is
discovered and it is discovered the old applications do not handle
it correctly. In addition, and making the problem far worse, the
problem may not be in the application code itself, but in one of
the language libraries that the application uses.

Ah, Simon, how does any of what you mention get through a secure environment, and if it cannot, what does anything matter to what is behind that secure environment.
The real question: is the environment secure?
If the environment is not secure, what difference is there about whether the app implementation is supported, whatever that means?
--
David Froble                       Tel: 724-529-0450
Dave Froble Enterprises, Inc.      E-Mail: davef@tsoft-inc.com
DFE Ultralights, Inc.
170 Grimplin Road
Vanderbilt, PA  15486