Re: Microsoft Coding / National Security Risk

[Valdis.Kletnieks () vt edu]

On Wed, 24 Mar 2004 10:10:28 GMT, Richard Hatch <r.hatch () eris qinetiq com>  said:

> So my idea is this:
> Take a team of really really good C/C++ coders with excellent security
> vulnerability knowledge and have them go through the source code for windows
> (starting with the core functionality and internet facing functionality
> maybe).  Find these bugs (including methodical black-box testing against the
> binaries) and fix them.

How many "really good" C/C++ coders will it take to go through the 35 million
lines of code in Windows XP in a reasonable amount of time?

How many "really good" C/C++ coders are *available*?

That's overlooking the fact that some things can't be fixed at the coder level.
The average coder can fix a buffer overflow.  The average coder can't fix a
design flaw like the ones exploited in Liu Die Yu's "Six Step IE Remote
Compromise" attack - those sorts of things require major architectural
overhauls.  To see what happens when you try that, go back and look at the
furor when Microsoft finally closed the 'user@pass:host' hole in http requests
- you run that sort of risk of breakage anytime you make an architectural
change.

It's issues like that which make the rule of thumb:  "Security has to be designed
in from the beginning, it can't be bolted on after the fact".

Attachment: _bin
Description: