Dailydave mailing list archives
Re: Anonymized Question for *
From: H D Moore <hdm-daily-dave () digitaloffense net>
Date: Thu, 6 May 2004 15:37:33 -0500
With tools like IDA and Halvar's bindiff code, having access to the source code is no longer as significant advantage as it used to be. Anyone who has tried using the available source code scanners can testify that bugs which were missed by the scanners could easily by found through fuzzing and reverse engineering techniques. Due to advancements in compiler development, the source code may not accurately reflect the compiled product anyways. With that being said, having the source code to an application makes exploit development so much simpler... $question = <<END_QUESTION Does Microsoft's Government Security Program (GSP), which gives access MS source code to participating governments, make it significantly easier for those governments' intelligence services to find vulnerabilities in Microsoft products? **Assumption: Most GSP participants would share the MS source code with their intelligence services... **URL: http://www.linuxinsider.com/perl/story/33504.html END_QUESTION _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://www.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Anonymized Question for * Dave Aitel (May 06)
- Re: Anonymized Question for * H D Moore (May 06)
- Re: Anonymized Question for * Dave Aitel (May 06)
- <Possible follow-ups>
- RE: Anonymized Question for * Thor Larholm (May 06)
- Re: Anonymized Question for * H D Moore (May 06)