Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Microsoft Coding / National Security Risk
From: John Sage <jsage () finchhaven com>
Date: Wed, 24 Mar 2004 06:52:49 -0800


On Wed, Mar 24, 2004 at 10:10:28AM -0000, Richard Hatch wrote:
From: "Richard Hatch" <r.hatch () eris qinetiq com>
To: <full-disclosure () lists netsys com>
Subject: [Full-disclosure] Microsoft Coding / National Security Risk
Date: Wed, 24 Mar 2004 10:10:28 -0000

Hi all,

/* snip */

Take a team of really really good C/C++ coders with excellent
security vulnerability knowledge and have them go through the source
code for windows (starting with the core functionality and internet
facing functionality maybe).  Find these bugs (including methodical
black-box testing against the binaries) and fix them.

Allegedly Microsoft has been doing just exactly this for several

Ever heard of "Trustworthy Computing?"

Done a lot of good, hasn't it?

- John
"Mad cow? You'd be mad too, if someone was trying to eat you."

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]