Information Security News
mailing list archives
Re: Three Minutes With Microsoft's Scott Culp
From: InfoSec News <isn () c4i org>
Date: Thu, 18 Oct 2001 02:47:14 -0500 (CDT)
Forwarded from: Felix von Leitner <leitner () vim org>
Thus spake InfoSec News (isn () c4i org):
> PCW: Tell me what Microsoft does to produce secure software.
>
> Culp: You start off with security in the design. Then you're relying
> on good coding practices and on compiling tools to help you catch as
> many errors as you can. Once implementation is done, you have testing
> of the whole.
Excuse me? Is this Scott Culp from the Microsoft of the parallel
universe where Spock has a beard?
The Microsoft I know does neither design with security in mind
(otherwise, explain ActiveX and COM!), nor does it have good coding
practices (otherwise, explain the trillion buffer overflows in code
running at system privilege in IIS), nor is there any evidence of any
tools that help them catch a single bug. Look at how they embarrass
themselves week after week, with this very mailing list carrying news
of their latest blunders!
ISN is currently hosted by Attrition.org