Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Microsoft Coding / National Security Risk
From: Valdis.Kletnieks () vt edu
Date: Wed, 24 Mar 2004 11:17:26 -0500

On Wed, 24 Mar 2004 10:10:28 GMT, Richard Hatch <r.hatch () eris qinetiq com>  said:

So my idea is this:
Take a team of really really good C/C++ coders with excellent security
vulnerability knowledge and have them go through the source code for windows
(starting with the core functionality and internet facing functionality
maybe).  Find these bugs (including methodical black-box testing against the
binaries) and fix them.

How many "really good" C/C++ coders will it take to go through the 35 million
lines of code in Windows XP in a reasonable amount of time?

How many "really good" C/C++ coders are *available*?

That's overlooking the fact that some things can't be fixed at the coder level.
The average coder can fix a buffer overflow.  The average coder can't fix a
design flaw like the ones exploited in Liu Die Yu's "Six Step IE Remote
Compromise" attack - those sorts of things require major architectural
overhauls.  To see what happens when you try that, go back and look at the
furor when Microsoft finally closed the 'user () pass:host' hole in http requests
- you run that sort of risk of breakage anytime you make an architectural

It's issues like that which make the rule of thumb:  "Security has to be designed
in from the beginning, it can't be bolted on after the fact".

Attachment: _bin

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]