From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu)
Subject: Microsoft Coding / National Security Risk 

On Wed, 24 Mar 2004 10:10:28 GMT, Richard Hatch <r.hatch@...s.qinetiq.com>  said:

> So my idea is this:
> Take a team of really really good C/C++ coders with excellent security
> vulnerability knowledge and have them go through the source code for windows
> (starting with the core functionality and internet facing functionality
> maybe).  Find these bugs (including methodical black-box testing against the
> binaries) and fix them.

How many "really good" C/C++ coders will it take to go through the 35 million
lines of code in Windows XP in a reasonable amount of time?

How many "really good" C/C++ coders are *available*?

That's overlooking the fact that some things can't be fixed at the coder level.
The average coder can fix a buffer overflow.  The average coder can't fix a
design flaw like the ones exploited in Liu Die Yu's "Six Step IE Remote
Compromise" attack - those sorts of things require major architectural
overhauls.  To see what happens when you try that, go back and look at the
furor when Microsoft finally closed the 'user@...s:host' hole in http requests
- you run that sort of risk of breakage anytime you make an architectural
change.

It's issues like that which make the rule of thumb:  "Security has to be designed
in from the beginning, it can't be bolted on after the fact".
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040324/471b5487/attachment.bin

Powered by blists - more mailing lists