mailing list archives
Re: Microsoft Coding / National Security Risk
From: John Sage <jsage () finchhaven com>
Date: Wed, 24 Mar 2004 06:52:49 -0800
On Wed, Mar 24, 2004 at 10:10:28AM -0000, Richard Hatch wrote:
From: "Richard Hatch" <r.hatch () eris qinetiq com>
To: <full-disclosure () lists netsys com>
Subject: [Full-disclosure] Microsoft Coding / National Security Risk
Date: Wed, 24 Mar 2004 10:10:28 -0000
/* snip */
Take a team of really really good C/C++ coders with excellent
security vulnerability knowledge and have them go through the source
code for windows (starting with the core functionality and internet
facing functionality maybe). Find these bugs (including methodical
black-box testing against the binaries) and fix them.
Allegedly Microsoft has been doing just exactly this for several
Ever heard of "Trustworthy Computing?"
Done a lot of good, hasn't it?
"Mad cow? You'd be mad too, if someone was trying to eat you."
Full-Disclosure - We believe in it.