mailing list archives
Re: Microsoft Coding / National Security Risk
From: Valdis.Kletnieks () vt edu
Date: Wed, 24 Mar 2004 11:17:26 -0500
On Wed, 24 Mar 2004 10:10:28 GMT, Richard Hatch <r.hatch () eris qinetiq com> said:
So my idea is this:
Take a team of really really good C/C++ coders with excellent security
vulnerability knowledge and have them go through the source code for windows
(starting with the core functionality and internet facing functionality
maybe). Find these bugs (including methodical black-box testing against the
binaries) and fix them.
How many "really good" C/C++ coders will it take to go through the 35 million
lines of code in Windows XP in a reasonable amount of time?
How many "really good" C/C++ coders are *available*?
That's overlooking the fact that some things can't be fixed at the coder level.
The average coder can fix a buffer overflow. The average coder can't fix a
design flaw like the ones exploited in Liu Die Yu's "Six Step IE Remote
Compromise" attack - those sorts of things require major architectural
overhauls. To see what happens when you try that, go back and look at the
furor when Microsoft finally closed the 'user () pass:host' hole in http requests
- you run that sort of risk of breakage anytime you make an architectural
It's issues like that which make the rule of thumb: "Security has to be designed
in from the beginning, it can't be bolted on after the fact".