[Full-Disclosure] Re: Microsoft Coding / National Security Ri sk
Stuart Fox (DSL AK)
StuartF at datacom.co.nz
Thu Mar 25 01:22:33 GMT 2004
> also sprach Richard Hatch <r.hatch at eris.qinetiq.com>
> [2004.03.24.1110 +0100]:
> > Take a team of really really good C/C++ coders with
> excellent security
> > vulnerability knowledge and have them go through the source
> code for
> > windows (starting with the core functionality and internet facing
> > functionality maybe). Find these bugs (including
> methodical black-box
> > testing against the binaries) and fix them.
> You will have a hard time, given the patched OS that Windoze is.
> Where design is flawed you can't add security.
Seems to me that common consensus is that the Windows design is actually
relatively good - it is the implementation that is the problem.
Full-Disclosure is hosted and sponsored by Secunia.