Message-ID: <200403241617.i2OGHQeg003261@turing-police.cc.vt.edu>
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu)
Subject: Microsoft Coding / National Security Risk
On Wed, 24 Mar 2004 10:10:28 GMT, Richard Hatch <r.hatch@...s.qinetiq.com> said:
> So my idea is this:
> Take a team of really really good C/C++ coders with excellent security
> vulnerability knowledge and have them go through the source code for windows
> (starting with the core functionality and internet facing functionality
> maybe). Find these bugs (including methodical black-box testing against the
> binaries) and fix them.
How many "really good" C/C++ coders will it take to go through the 35 million
lines of code in Windows XP in a reasonable amount of time?
How many "really good" C/C++ coders are *available*?
That's overlooking the fact that some things can't be fixed at the coder level.
The average coder can fix a buffer overflow. The average coder can't fix a
design flaw like the ones exploited in Liu Die Yu's "Six Step IE Remote
Compromise" attack - those sorts of things require major architectural
overhauls. To see what happens when you try that, go back and look at the
furor when Microsoft finally closed the 'user@...s:host' hole in http requests
- you run that sort of risk of breakage anytime you make an architectural
change.
It's issues like that which make the rule of thumb: "Security has to be designed
in from the beginning, it can't be bolted on after the fact".
[PGP signature attachment (application/pgp-signature, 226 bytes) scrubbed: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040324/471b5487/attachment.bin]
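The 'user@...s:host' hole Valdis refers to is the URL userinfo syntax: in an authority of the form `userinfo@host`, the browser connects to whatever follows the last '@', while an attacker can put a trusted-looking name in the userinfo part. The example below is added here and is not code from the thread or from Microsoft; it uses Python's standard `urllib.parse` to show (a) which host such a URL really resolves to, (b) a lenient policy that merely flags userinfo that looks like a hostname, and (c) the strict policy that simply refuses userinfo in http/https URLs, which also rejects legitimate basic-auth URLs and is the kind of breakage the message describes. The sample URLs and the address 203.0.113.7 (a documentation range) are constructed for the example.

```python
"""Added example: the http://trusted@attacker URL trick and two ways to close it."""
from urllib.parse import urlsplit

# Constructed sample URLs (not from the thread). 203.0.113.7 is a documentation address.
SAMPLES = {
    "plain":      "http://www.example.com/download/update.exe",
    "basic_auth": "http://alice:s3cret@intranet.example.com/report",
    "spoof":      "http://www.example.com@203.0.113.7/download/update.exe",
}


def split_authority(url):
    """Return (userinfo, host) as RFC 3986 defines them.

    The host is whatever follows the last '@' in the authority; everything
    before it is userinfo. For the 'spoof' sample the userinfo is the
    trusted-looking 'www.example.com' and the host is 203.0.113.7.
    """
    p = urlsplit(url)
    if p.username is None:
        return None, p.hostname
    userinfo = p.username if p.password is None else f"{p.username}:{p.password}"
    return userinfo, p.hostname


def lenient_policy(url):
    """Keep accepting the URL but expose the real destination and flag the
    spoof pattern: userinfo that contains a dot and carries no password.

    Legitimate basic-auth URLs (user:pass@host) are not flagged.
    """
    p = urlsplit(url)
    userinfo, host = split_authority(url)
    suspicious = (
        userinfo is not None and "." in p.username and p.password is None
    )
    return {"accept": True, "host": host, "userinfo": userinfo, "suspicious": suspicious}


def strict_policy(url):
    """Refuse any http/https URL that carries userinfo at all.

    This closes the hole completely, but it also rejects the 'basic_auth'
    sample, i.e. every existing link and application that relied on the
    user:pass@host form stops working.
    """
    p = urlsplit(url)
    if p.scheme in ("http", "https") and p.username is not None:
        return {"accept": False, "host": None, "reason": "userinfo not allowed in http(s) URLs"}
    return {"accept": True, "host": p.hostname, "reason": None}


if __name__ == "__main__":
    for name, url in SAMPLES.items():
        print(f"{name:10s} lenient={lenient_policy(url)}")
        print(f"{name:10s} strict ={strict_policy(url)}")
```

Running it shows the asymmetry the message is about: the lenient policy needs a heuristic and still lets the URL through, while the strict policy is a one-line rule but breaks the basic-auth case along with the spoof. That trade-off is an architectural decision about what a URL is allowed to mean, not a local bug fix.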