Home page logo

fulldisclosure logo Full Disclosure mailing list archives

RE: Re: Microsoft Coding / National Security Ri sk
From: "Stuart Fox (DSL AK)" <StuartF () datacom co nz>
Date: Thu, 25 Mar 2004 13:22:33 +1200

also sprach Richard Hatch <r.hatch () eris qinetiq com> 
[2004.03.24.1110 +0100]:
Take a team of really really good C/C++ coders with 
excellent security 
vulnerability knowledge and have them go through the source 
code for 
windows (starting with the core functionality and internet facing 
functionality maybe).  Find these bugs (including 
methodical black-box 
testing against the binaries) and fix them.

You will have a hard time, given the patched OS that Windoze is.
Where design is flawed you can't add security.

Seems to me that common consensus is that the Windows design is actually
relatively good - it is the implementation that is the problem.

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
  • RE: Re: Microsoft Coding / National Security Ri sk Stuart Fox (DSL AK) (Mar 25)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]